Graphql-flutter: Support certificate pinning

Created on 6 Jul 2020  Â·  5Comments  Â·  Source: zino-app/graphql-flutter

Is your feature request related to a problem? Please describe.
Cannot implement certificate pinning

Describe the solution you'd like
When connecting with backend on Android using OkHttp client, it is easy to implement certificate pinning. With GraphQL, I don't know how to implement this.

All 5 comments

I have no idea what this is but it sounds like an http level concern. You can pass your own httpClient to HttpLink so you should be able to do this

@micimize if we don't pass httpClient, what is the default httpClient library we are using?

If we use Android HttpURLConnection & iOS NSURLSession, the connection security such as certificate validation will be handled by the API. I am wondering which kind of http client our GraphQL flutter is using, I read the code but couldn't figure out

we use the default from package:http/http.dart – https://pub.dev/documentation/http/latest/http/http-library.html

This article seems to address using it for ssl pinning https://medium.com/surfstudio/ssl-pinning-in-flutter-apps-254e01e57965

@micimize Thank a lot for the link, it is very helpful.

I have managed to pin certificate with graphQL client now

SecurityContext context = SecurityContext();
  context.setTrustedCertificatesBytes(null);
  HttpClient http = new HttpClient(context: context);

  http.badCertificateCallback =
      (X509Certificate cert, String host, int port) {
    print("!!!!Bad certificate");
    return false;
  };

  final httpClient = new IOClient(http);

  final HttpLink link = HttpLink(uri: Env.graphQLUrl, headers: {'x-api-key': Env.graphQLApiKey}, httpClient: httpClient);
Was this page helpful?
0 / 5 - 0 ratings