You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Fixes and updates for local testing over HTTPS (#11768)
* Tweak how local cert is generated
- Don't include port in CN
- Add SAN including the IP address (required for Safari on iOS)
[skip changelog]
* Update docs for local development
- Bind to a specific IP
- Describe how to trust cert on iOS
* Don't include port number in name of SSL cert files
This will ensure new keys / certs are generated without requiring folks to remove the old ones first.
Copy file name to clipboardExpand all lines: docs/mobile.md
+39-5Lines changed: 39 additions & 5 deletions
Original file line number
Diff line number
Diff line change
@@ -9,29 +9,63 @@ Instructions to use an iPhone or Android mobile device for local app development
9
9
10
10
These instructions will configure your local copy of the identity-idp app to serve web pages over your local computer network — the wifi in your home or office. You can broadcast the app to a mobile phone or tablet. Both your mobile device and your development computer (your laptop) must be connected to the same wifi network.
11
11
12
-
By default, the application binds to `localhost`. These instructions bind to `0.0.0.0` instead. Some Android users report they can access `localhost:3000` directly on their phone, however.
12
+
By default, the application binds to `localhost`. To access it from a mobile device on the same network, you will need to bind it to an accessible IP address.
13
13
14
-
1. Find your Local Area Network IP address. On a MacBook, this is available at **System Preferences → Network**. The address may start with `192.168`.
14
+
1. Find your Local Area Network IP address. On a MacBook, this is available at **System Preferences → Network**. The IP address you are looking for likely starts with `192.168.` or `10.`
15
15
16
16
2. In your app's `application.yml` file, add the below. Be sure to indent these lines and include them in the `development:` section. Also, fill in your actual LAN IP address. The final line creates a **confirm now** link in place of email confirmation.
17
17
18
18
```yaml
19
19
development:
20
-
domain_name: 192.168.x.x:3000
21
-
mailer_domain_name: 192.168.x.x:3000
20
+
domain_name: <YOUR IP ADDRESS>:3000
21
+
mailer_domain_name: <YOUR IP ADDRESS>:3000
22
22
enable_load_testing_mode: true
23
23
```
24
24
25
25
3. Start your app's local web server with:
26
26
27
27
```bash
28
-
HOST=0.0.0.0 make run-https
28
+
HOST=<YOUR IP ADDRESS> make run-https
29
29
```
30
30
31
31
4. On your phone's browser, open a new tab. In the address bar, type in `https://` (don't forget the `s`) followed by your LAN IP and port number (like `https://192.168.x.x:3000`). When you visit this page, you may see a **Your connection is not private** message. Click **Advanced** and **Proceed** to continue. You should then see the sign in screen of the identity-idp app.
32
32
33
33
After you complete these steps, pages from the app are served from your development machine to your mobile device, where you may now use the identity-idp app. For front-end development, you may now want to turn on browser development tools per the next section of these instructions.
34
34
35
+
### Special instructions for iOS
36
+
37
+
It is becoming more common for browsers to entirely block access to sites using self-signed certificates, not even providing an escape hatch like the one described above.
38
+
39
+
If you are not able to access the locally running app from your iPhone, follow these steps:
40
+
41
+
#### 1. Somehow get the `.crt` file into the iOS Files app
42
+
43
+
When you run `make run-https`, the system generates a self-signed SSL certificate for you and stores it in the `tmp` directory. The file will be named something like `<YOUR IP ADDRESS>-3000.crt`. You need to get that file onto your phone and into the iOS Files app.
44
+
45
+
One way to do this is via Google Drive:
46
+
47
+
1. Upload the file to Google Drive.
48
+
2. Open the Google Drive app on your phone and "Download" the `.crt` file.
49
+
3. When prompted for a destination, select "Save to Files".
50
+
51
+
#### 2. Import the certificate into iOS
52
+
53
+
1. Open the Files app.
54
+
2. Tap on the `.crt` file (fun fact: it may now show a `.cer` extension!).
55
+
3. You should see some kind of message about a profile being downloaded.
56
+
4. Open the Settings app. Notice you have a new "Profile Downloaded" item there. Tap that.
57
+
5. Install the profile. You will be prompted for confirmation many times.
58
+
59
+
#### 3. Trust the certificate
60
+
61
+
1. Go to **Settings > General > About > Certificate Trust Settings**.
62
+
2. Tick the little box next to the certificate you just installed.
63
+
64
+
At this point, you _should_ be able to access the IdP running on your local development computer from your phone.
65
+
66
+
> [!WARNING]
67
+
> Do not forget to un-trust the certificate and remove the profile when you are done.
68
+
35
69
## Debugging with the desktop browser
36
70
37
71
After you have completed the [§ Use the app from a mobile device](#use-the-app-from-a-mobile-device) instructions above, you may further want to use your desktop browser's development and dubugging tools.
0 commit comments