Google IAP using Node certificate has expired error?

Question

I have a node server which needs to connect to an IAP (Identity Aware Proxy) protected API endpoint. The below example from Google seems to be fine expect for the certificate has expired error. I believe I simply need to send rejectUnauthorized: false along with the request, but I am not sure how to implement it.

Update

I was able to force it to work with adding process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; but it is my understanding that this option is more insecure compared to rejectUnauthorized: false. Any insight?

'use strict';

const {JWT} = require('google-auth-library');

const keys = require('./jwt.keys.json');
const oauth2Keys = require('./iap.keys.json');

async function main() {
  const clientId = oauth2Keys.web.client_id;
  const client = new JWT({
    email: keys.client_email,
    key: keys.private_key,
    additionalClaims: {target_audience: clientId},
  });
  const url = `https://iap-demo-dot-el-gato.appspot.com`;
  const res = await client.request({url});
  console.log(res.data);
}

main().catch(console.error);

Link to the Google Example: https://github.com/googleapis/google-auth-library-nodejs/blob/502f43e651d7ccbd1cc19de513d5f5af5008ac03/samples/iap.js

Can you post the details on the expired certificate? I am interested in `Issued to`, `Isued by` and `Valid from` fields plus the exact error message. — John Hanley, Mar 13 '19 at 19:31

score 1 · Accepted Answer · answered Mar 18 '19 at 13:38

1

process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; disables the SSL certificate check.

answered Mar 18 '19 at 13:38

lukechambers91

691
1
6
21

Google IAP using Node certificate has expired error?

Update

1 Answers1