2018-09-15 05:27
浏览 111

无法从Docker容器内的Google API交换AccessToken

I have a web app written in Go, use oauth2 (package to sign user in by Google (follow this tutorial

When I test app on local, it works fine but when I deploy app and run inside a Docker container (base on alpine:latest, run binary file), it has an error: Post x509: certificate signed by unknown authority

Here is my code to exchange the accessToken:

ctx = context.Background()

config := &oauth2.Config{
    ClientID:     config.GoogleClientId,
    ClientSecret: config.GoogleClientSecret,
    RedirectURL:  config.GoogleLoginRedirectUrl,
    Endpoint:     google.Endpoint,
    Scopes:       []string{"email", "profile"},

accessToken, err := config.Exchange(ctx, req.Code)
if err != nil {
    log.Println(err.Error())   // Error here
  • 写回答
  • 好问题 提建议
  • 关注问题
  • 收藏
  • 邀请回答

2条回答 默认 最新

  • douzha5990 2018-09-19 03:17

    The problem is not caused by Go but Alpine image.

    Default Alpine image does not have certificates so the app cannot call to https address (this case is

    To fix this problem, install 2 packages openssl and ca-certificates. Example in Dockerfile:

    apk add --no-cache ca-certificates openssl
    解决 无用
    打赏 举报
  • douqian4411 2018-09-15 08:18

    You will need to add the Google Issuing CA certificate to the trusted cert store of the docker image.

    The Google CA cert is this .

    More info on the certificate can be found from here

    Then within the Dockerfile , you will need to do something like this

    cp GIAG2.crt /usr/local/share/ca-certificates/GIAG2.crt
    解决 无用
    打赏 举报

相关推荐 更多相似问题