使用Node证书的Google IAP已过期错误?

时间:2019-03-13 13:36:46

标签: node.js google-cloud-platform google-auth-library google-auth-library-nodejs

我有一个节点服务器,它需要连接到受IAP(身份识别代理)保护的API端点。以下来自Google的示例似乎很好地期望了certificate has expired错误。我相信我只需要随请求一起发送rejectUnauthorized: false,但不确定如何实现。

更新

我能够强迫它与添加process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';一起使用,但是据我了解,与rejectUnauthorized: false相比,此选项更加不安全。有见识吗?

'use strict';

const {JWT} = require('google-auth-library');

const keys = require('./jwt.keys.json');
const oauth2Keys = require('./iap.keys.json');

async function main() {
  const clientId = oauth2Keys.web.client_id;
  const client = new JWT({
    email: keys.client_email,
    key: keys.private_key,
    additionalClaims: {target_audience: clientId},
  });
  const url = `https://iap-demo-dot-el-gato.appspot.com`;
  const res = await client.request({url});
  console.log(res.data);
}

main().catch(console.error);

链接到Google示例:https://github.com/googleapis/google-auth-library-nodejs/blob/502f43e651d7ccbd1cc19de513d5f5af5008ac03/samples/iap.js

1 个答案:

答案 0 :(得分:1)

process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';禁用SSL证书检查。