We are using Retool on prem and want to use mobile app offline functionality. Everything looks fine when using the browser version but we can't connect using the Mobile app.
Basicaly, when connecting with the app and validating your login, it seems the app forcively goes through the web. Again, we tried connecting with a mobile using the web broser and VPN or directly on site and it works but not when connecting the mobile app (so the validation process most be different in the app).
In the post listed above, the "solution" was to expose the on-prem server to the internet, a possible work-aroudn for them but we don't want to expose our on-prem server to the web.
Is there anyway now to go through the login process in app without exposing the server as we can in browser ?
Hi @Paulo, it's the same case as the one I refer to in the original post; basicaly the mobile app of retool goes through the web as part of it's authentication process when login-in (licence validating perhabs or whatever) so even if you have access to the on-prem server, you can't login if that server isn't expose to the web as well. It isn't the case when using Retool with a web browser (you can login and use retool on site without the web at all).
The only "solution" is to expose the on-prem server to the web and we want to avoid that. So is there an update planed at some point for the mobile app to be able to login to an on-prem retool server that isn't reachable from the internet?
Thank you for expanding on it! If we don't want to expose our on-prem server to the public, what about installing a VPN on each mobile device? We could use a service like Tailscale.
Hi it's likely that whichever internal vpn/firewall you were using was presenting an incomplete certificate chain or a self-signed certificate. Exposing the on-prem server to the web would bypass the proxy chain and would have directly exposed the certificate configured on the Retool instance. Android/iOS apps have a stricter policy when it comes to the chain of certs.
There's a doc: Configure SSL and custom certificates | Retool Docs that explains how to avoid the self-signed issue. But we don't have documentation on how to solve the chain-of-certs issue (i.e. concatenation of certs) because it varies by provider.