Retool mobile app login with onpremise

Hi,

We are using Retool on prem and want to use mobile app offline functionality. Everything looks fine when using the browser version but we can't connect using the Mobile app.

I found this previous post about this subject: Retool mobile with onpremise

Basically, when connecting with the app and validating your login, it seems the app forcibly goes through the web. Again, we tried connecting with a mobile using the web browser and VPN or directly on site and it works but not when connecting the mobile app (so the validation process must be different in the app).

In the post listed above, the "solution" was to expose the on-prem server to the internet, a possible workaround for them, but we don't want to expose our on-prem server to the web.

Is there any way now to go through the login process in app without exposing the server as we can in browser?

Hi @Angio, could you expand on your use case? Feel free to send it on a DM if you wouldn't like your response to be public.

Hi @Paulo, it's the same case as the one I refer to in the original post; basically the mobile app of Retool goes through the web as part of its authentication process when logging in (licence validating perhaps or whatever) so even if you have access to the on-prem server, you can't login if that server isn't exposed to the web as well. It isn't the case when using Retool with a web browser (you can login and use Retool on site without the web at all).

The only "solution" is to expose the on-prem server to the web and we want to avoid that. So is there an update planned at some point for the mobile app to be able to login to an on-prem Retool server that isn't reachable from the internet?

Thank you for expanding on it! If we don't want to expose our on-prem server to the public, what about installing a VPN on each mobile device? We could use a service like Tailscale.

@Angio are you getting some kind of error connecting to your onprem backend? Can you share a video?

We (Retool) also have an onprem instance that's available only within a VPN and things seem to work correctly for us.

Hi, it's likely that whichever internal VPN/firewall you were using was presenting an incomplete certificate chain or a self-signed certificate. Exposing the on-prem server to the web would bypass the proxy chain and would have directly exposed the certificate configured on the Retool instance. Android/iOS apps have a stricter policy when it comes to the chain of certs.

There's a doc: Configure SSL and custom certificates | Retool Docs that explains how to avoid the self-signed issue. But we don't have documentation on how to solve the chain-of-certs issue (i.e. concatenation of certs) because it varies by provider.
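
The incomplete-chain case described above, reproduced locally as an added example (not part of the original thread and not Retool's own tooling): it builds a constructed root, intermediate and leaf with the OpenSSL CLI, then verifies what the server presents while trusting only the root. The hostname, file names and the `issue`, `chain_status` and `demo` helpers are assumptions made for the demo.

```shell
#!/bin/sh
# Constructed demo: every key, certificate and name below is generated locally.

# issue NAME CN IS_CA [SIGNER]: create NAME.key and NAME.pem.
# Self-signed when SIGNER is omitted, otherwise signed by SIGNER.pem/SIGNER.key.
issue() {
    name=$1 cn=$2 ca=$3 signer=${4:-}
    printf 'basicConstraints=critical,CA:%s\n' "$ca" > "$name.ext"
    openssl req -new -newkey rsa:2048 -nodes -keyout "$name.key" \
        -out "$name.csr" -subj "/CN=$cn" 2>/dev/null || return 1
    if [ -z "$signer" ]; then
        openssl x509 -req -in "$name.csr" -signkey "$name.key" -days 1 \
            -extfile "$name.ext" -out "$name.pem" 2>/dev/null
    else
        openssl x509 -req -in "$name.csr" -CA "$signer.pem" -CAkey "$signer.key" \
            -CAcreateserial -days 1 -extfile "$name.ext" -out "$name.pem" 2>/dev/null
    fi
}

# chain_status SERVED_FILE: verify the first certificate in SERVED_FILE (the leaf)
# against root.pem only, using the other certificates in the same file as the
# untrusted intermediates, i.e. only what the server itself sent.
chain_status() {
    if openssl verify -CAfile root.pem -untrusted "$1" "$1" >/dev/null 2>&1; then
        echo complete
    else
        echo incomplete
    fi
}

demo() {
    dir=$(mktemp -d) && cd "$dir" || return 1
    issue root  "Constructed Root CA" TRUE &&
    issue inter "Constructed Intermediate CA" TRUE root &&
    issue leaf  "retool.internal.example" FALSE inter || return 1
    # What a proxy presents when the intermediate was left out:
    cp leaf.pem served-leaf-only.pem
    # The concatenation fix: leaf first, then the certificate that issued it.
    cat leaf.pem inter.pem > served-fullchain.pem
    echo "leaf only: $(chain_status served-leaf-only.pem)"
    echo "fullchain: $(chain_status served-fullchain.pem)"
}

demo
```

To check a real endpoint the same way, save the certificates it sends (for example from `openssl s_client -showcerts`) into one file and run the same `openssl verify` call with your own root CA in place of `root.pem`.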