The AuthProxy plugin provides the ability to make HTTPS requests with mutual authentication, and to optionally intercept all web requests to handle basic authentication and X509 certificate challenges. The plugin is supported for use with applications on the Android, iOS, and Windows 8.1 platforms.
The AuthProxy plugin handles specifying a certificate to include in an HTTPS request that identifies the client to the server, which allows the server to verify the identity of the client. An example of where you might need mutual authentication is in the onboarding process, when you register with an application, or, to access an OData producer. You can make HTTPS requests with no authentication, with basic authentication, or by using certificates. Supported certificate sources include file, system key manager, and Afaria.
The AuthProxy plugin can intercept all web and data requests and handle basic authentication and X509 certificate challenges inside Cordova's embedded WebView. By default the WebView does not handle these challenges correctly. When the server challenges the client side authentication, the AuthProxy plugin shows the proper UI to let the user enter a username/password, or select from a list of installed certificates, for answering the challenge. Interception of web requests with Android devices is not particularly recommended, unless you have such a requirement. You can enable or disable interception of web requests using the SAPKapselHandleHttpRequests preference setting in config.xml. The default value of this preference is false for backward compatibility. To enable the feature, edit config.xml and change the value to true.
For requests with basic authentication, if the credentials are not provided with the request, then a dialog box prompts the user to enter a user name and password, and the credentials are cached in the data vault and are automatically used when the server challenges again.
For requests with an X.509 certificate challenge, a dialog box shows the list of client certificates already installed, and the user can select the correct certificate to answer the the server side challenge. The user is only prompted again for a certificate if the user entered an invalid certificate. Note that on iOS, the client certificate must be already installed in the application's keychain, before running the application.
Kapsel plugins support Apache Cordova's domain whitelisting model. Whitelisting allows you to control access to external network resources. Apache Cordova whitelisting allows you to whitelist individual network resources (URLs), for example, http://www.google.com.
For information about the whitelist rules, see http://docs.phonegap.com/en/3.3.0/guide_appdev_whitelist_index.md.html.