Android: TLS Mutual Auth Certificate Support

This is too much of an advanced feature to consider for the official app.

@balloob I understand there might be more important feature requests right now. But is there any chance this will be considered in the future? For people that value the security of their installations enough to use Mutual TLS Auth, not having it means effectively blocking them from using the official client

This app is still very very young. It will take time to evolve it and get it to a point that it does all the things people expect from a basic app. People will always come up with other authentication schemes or features that they want. Each of those comes at a cost that needs to be forever supported. Not by you, but by us. So we need to make choices, and if the choice means that we block a tiny tiny fraction of the user base so that we can have an easier to maintain app, it's an easy choice.

You can always use the browser to look at the UI or fork the app, it's open source 👍

Thanks for your thoughtful reply. As I mentioned above, I completely understand the reasoning (including the need to support it). I take it from your last sentence that the HA team would not be interested in getting a PR for this feature? I just ask because I was considering rolling my sleeves during the holidays, but if the HA team understandably doesn't want it, I could work on other HA stuff I'm thinking about

I think that it's too much of a niche feature to accept a PR for. If that changes in the future, we could reconsider.

Got it. Thanks for engaging on this closed issue 😄

Would PRs implementing mutual TLS authentication with client certificate be accepted?

For reference:

• https://developer.android.com/reference/android/webkit/ClientCertRequest.html
• https://stackoverflow.com/a/35403556/316805
• https://stackoverflow.com/a/28981649/316805
• https://issuetracker.google.com/issues/36968069#comment10

I've submitted https://github.com/home-assistant/android/pull/870 to implement this: