无法从Docker容器内的Google API交换AccessToken [英] Cannot exchange AccessToken from Google API inside Docker container

问题描述

我有一个用Go语言编写的网络应用，请使用oauth2（软件包 golang.org/x/oauth2 ）通过Google登录用户（请按照本教程 https://developers.google.com/identity/sign-in/web / server-side-flow ）。

I have a web app written in Go, use oauth2 (package golang.org/x/oauth2) to sign user in by Google (follow this tutorial https://developers.google.com/identity/sign-in/web/server-side-flow).

当我在本地测试应用程序时，它工作正常，但是当我部署应用程序并在Docker容器中运行时（基在 alpine：latest 上，运行二进制文件），它有一个错误：
Post https://accounts.google.com/o / oauth2 /令牌：x509：未知权限签署的证书


When I test app on local, it works fine but when I deploy app and run inside a Docker container (base on alpine:latest, run binary file), it has an error: Post https://accounts.google.com/o/oauth2/token: x509: certificate signed by unknown authority

这是我的代码，用于交换accessToken：

Here is my code to exchange the accessToken:

ctx = context.Background()

config := &oauth2.Config{
    ClientID:     config.GoogleClientId,
    ClientSecret: config.GoogleClientSecret,
    RedirectURL:  config.GoogleLoginRedirectUrl,
    Endpoint:     google.Endpoint,
    Scopes:       []string{"email", "profile"},
}

accessToken, err := config.Exchange(ctx, req.Code)
if err != nil {
    log.Println(err.Error())   // Error here
}

推荐答案

问题不是Go引起的，而是Alpine映像。

The problem is not caused by Go but Alpine image.

默认Alpine映像没有证书，因此应用程序无法调用https地址（本例为 https://accounts.google.com/o/oauth2/token）。

Default Alpine image does not have certificates so the app cannot call to https address (this case is https://accounts.google.com/o/oauth2/token).

要解决此问题，请安装2个软件包 openssl 和 ca-证书。 Dockerfile中的示例：

To fix this problem, install 2 packages openssl and ca-certificates. Example in Dockerfile:

apk add --no-cache ca-certificates openssl

这篇关于无法从Docker容器内的Google API交换AccessToken的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！