无法从Docker容器内的Google API交换AccessToken [英] Cannot exchange AccessToken from Google API inside Docker container
问题描述
我有一个用Go语言编写的网络应用,请使用oauth2(软件包 golang.org/x/oauth2
)通过Google登录用户(请按照本教程 https://developers.google.com/identity/sign-in/web / server-side-flow )。
I have a web app written in Go, use oauth2 (package golang.org/x/oauth2
) to sign user in by Google (follow this tutorial https://developers.google.com/identity/sign-in/web/server-side-flow).
当我在本地测试应用程序时,它工作正常,但是当我部署应用程序并在Docker容器中运行时(基在 alpine:latest
上,运行二进制文件),它有一个错误:
Post https://accounts.google.com/o / oauth2 /令牌:x509:未知权限签署的证书
When I test app on local, it works fine but when I deploy app and run inside a Docker container (base on alpine:latest
, run binary file), it has an error:
Post https://accounts.google.com/o/oauth2/token: x509: certificate signed by unknown authority
这是我的代码,用于交换accessToken:
Here is my code to exchange the accessToken:
ctx = context.Background()
config := &oauth2.Config{
ClientID: config.GoogleClientId,
ClientSecret: config.GoogleClientSecret,
RedirectURL: config.GoogleLoginRedirectUrl,
Endpoint: google.Endpoint,
Scopes: []string{"email", "profile"},
}
accessToken, err := config.Exchange(ctx, req.Code)
if err != nil {
log.Println(err.Error()) // Error here
}
推荐答案
问题不是Go引起的,而是Alpine映像。
The problem is not caused by Go but Alpine image.
默认Alpine映像没有证书,因此应用程序无法调用https地址(本例为 https://accounts.google.com/o/oauth2/token)。
Default Alpine image does not have certificates so the app cannot call to https address (this case is https://accounts.google.com/o/oauth2/token).
要解决此问题,请安装2个软件包 openssl
和 ca-证书
。 Dockerfile中的示例:
To fix this problem, install 2 packages openssl
and ca-certificates
. Example in Dockerfile:
apk add --no-cache ca-certificates openssl
这篇关于无法从Docker容器内的Google API交换AccessToken的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!