I have read quite a few resources and tutorials so far, and I still haven't found the solution I need.
The problem is that my application using Retrofit 2 does not send requests to my own server. Empirically, it was revealed that requests are not sent only to addresses using http. Requests were sent to https.
As a solution to this problem, I added the SSL key to my server (My server is written on Spring). Now requests are at least being sent. However, due to the fact that the key that I generated is not confirmed, the application still does not want to make requests for the links I need.
Question: how can you configure Retrofit 2 so that it works with http?
UPD: there is repo with some code from project:https://github.com/Parocq/AuthScreenApp
Problem was solved with enabling cleartext traffic in manifest.
Two strings was added:
xmlns:tools="http://schemas.android.com/tools"
and
android:usesCleartextTraffic="true"
<manifest
xmlns:android="http://schemas.android.com/apk/res/android"
xmlns:tools="http://schemas.android.com/tools"
package="com.xxx.xxx.xxx">
<application
...
android:usesCleartextTraffic="true"
...
</application></manifest>
I took a look at the retrofit documentation https://square.github.io/retrofit/, and also did a quick look at their source code, and as far as I could see there is really nothing in there that cares about HTTP vs HTTPS.
I would suggest trying your app on a device or emulator running a pre-Pie version of Android, just to verify that everything works as expected with your plain HTTP requests. If it does, then I think the next step is to double-check your network security configuration, as suggested by #Bek. In case you have not found this article yet, here is a good place to start: https://developer.android.com/training/articles/security-config
I'm know this is at best a 'partial answer' (if even that) but I decided to post it based on the SO answer tips. I hope it can at least help you get unstuck or help you improve your question, and can be updated at some point with actual specific information on your question.
Update:
Looks like you found the real answer, that was quick! https://stackoverflow.com/a/65751722/1245561
Related
We are developing an app that should get data from the Moves app API.
When authorising our app on the mobile phone, we manage to do so successfully in the case in which we submit the PIN provided by the desktop link into the moves app:
https://api.moves-app.com/oauth/v1/authorize?response_type=code&client_id=<client_id>&scope=<scope>&state=<state>
In the case where I use the Mobile website / app link instead, this won't work:
moves://app/authorize?client_id=<client_id>&scope=activity%20location&state=<state>&redirect_uri=<redirect_uri>
Note: <redirect_uri>==encodeURIComponent("mymovesconnector:8081/callback").
The response we get from the Moves API is 400: {"error":"invalid_grant"}.
From the docs, it says that invalid_grant can happen if either:
the code in the request is not valid or
the code has expired (it’s valid for 5 minutes currently) or
the code has been revoked, because it was already used in an access token request (both successful and unsuccessful requests will revoke the code) or
you are missing the redirect_uri parameter when it’s required.
My checklist:
I guess this could have happened, but how/why should this code, provided over moves://, be different than the one provided through the https:// request? What control do I have over this?
not my case, since I'm using the code right away within less then a few seconds
if this might have happened, where could it happen other than through the redirect url?
I'm providing it always. It's always the same - also in the app settings on moves.
Can't figure out what I'm missing. Went through the docs many times, step by step. No success.
While writing down my question, I managed to figure out a solution to this problem.
The docs don't point out that response_type=code might also be used for the moves:// link. I tried to add this parameter, and it worked!
Note: this has been tested on a virtual android device only (Genymotion).
I am new to the mitmproxy world. I need to write a python script that would log all the requests made from a certain app on Genymotion emulator. Now, I learned that mitmproxy can be helpful for my requirement. So I have successfully set up mitmproxy and now I am able to monitor all the traffic HTTP/S from any app on Gennymotion through the mitm client.
However, what I want is :
The app would be explored manually by the user and there should be this Python script running that would simply log all the requests being made while the user is exploring the app.
I have tried going through the Github examples of mitmproxy APIs, but have not been able to understand them. Could someone please point me to a more detailed explanation/usage guide for these APIs ?
Through some more digging, I figured out that I need something similar to https://github.com/mitmproxy/mitmproxy/blob/master/examples/flowbasic but I do not understand what is happening inside the script in the above resource.
Like
what is f.reply() ?
what is flow.State() ?
what is m.run() ?
what is flow.FlowMaster ?
And more importantly, is there a place i can learn about these various methods and others used in the above ?
Similarly, found this as well : get a "raw" request\response from MITM Proxy
Can someone please explain how to or where do I call the request() from ?
What is the context and flow parameters there ?
mitmproxy -w log_file.txt
should work for what you want. As for the docs, mitmproxy --help gives you some insight on the available options.
I have some applications that were transferred from another company to ours. We have had google move them to our Publisher Account. However I am trying to verify the Licensing and can only get Don't Allow with an error of 561.
I have done a lot of licensed apps and have checked permissions, PUBLIC_KEY, Test Accounts, to whole thing. I have checked versions, and tried testing the app signed and unsigned. No luck it always gives an error 561.
I cannot find anything about an error 561, does anyone know what this code means?
I assume you are referring to the Method void processServerResponse(int response, ResponseData rawData); in the interface com.google.android.vending.licensing.Policy
561 is the same as 0x231 which is definde in the interafce as NOT_LICENSED.
So there is an error with your license and you should check in the rawData to see why.
I was getting the same error, I spent a whole day to get rid of it. In my case, the problem was due to network security. I tried it with the different network (Personal hotspot network). It worked well.
This answer is maybe for anyone because it's late.
Make sure that you add the CHECK_LICENCE permission in the Manifest:
<uses-permission android:name="com.android.vending.CHECK_LICENSE" />
and make sure you upload the app to the store for testing.
I am building a simple search app through MIT AppInventor. I have had no problems in querying my spreadsheet shared as public on the cloud.
Suddenly, for no reason, my GET request to the HTTP fails with a response code of -1. I have looked everywhere but can't find an explanation for this -1 code.
Let me repeat that the same block of codes was working perfectly fine until this happened. Now I can't figure out what is going wrong. Any help will be much appreciated.
I solved this problem when I found out that my target spreadsheet link, which used to start with http:// was changed to https://. I found that my browser redirected me to https:// when I tried to run my query directly on the web. So changing that in my code fixed the issue.
I came across a similar issue recently. It used to work and I found out that my get request was being redirected to a login page being the session had expired.
I suggest you open the get request using the webviewer component (or activitystarter) to give you a better understanding of where the error is coming from.
I try since a few days to connect one of my android app to an oauth service. I have found a few really good articles like http://blog.doityourselfandroid.com/2011/04/12/oauth-android-google-apis-client-library-java/ or marakana.com/forums/android/examples/312.html but even with those papers I can't manage to make It work.
Well, here is my current code packaged in a tar archive : http://braindead.fr/oauth-warrior.tar.gz
So the problem is that each time I attempt to retrieve an access token I got an OAuthCommunicationException (respectively line 26 and 39 of OAUthTokenValidator.java) after user validation on oauth server and url callback.
I anybody know why signopost/oauth does not accept to make this last call I'll be really grateful :)
Sincerely, Daroth
this might be a bit late to answer, but still.. for folks still searching:
check your menu->settings->date/time, sometimes an emulator's timezone won't match the real timezone. thus, the server denies it. they usually have a 3-10 minute variance.
check your manifest for INTERNET permission ;)
another tip: not many elder wizards would unpack a tar from an unknown source.. you should use a pastebin service, or an open git/svn/hg repo.