I have a node server which needs to connect to an IAP (Identity Aware Proxy) protected API endpoint. The below example from Google seems to be fine expect for the certificate has expired error. I believe I simply need to send rejectUnauthorized: false along with the request, but I am not sure how to implement it.
I was able to force it to work with adding process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; but it is my understanding that this option is more insecure compared to rejectUnauthorized: false. Any insight?
'use strict';
const {JWT} = require('google-auth-library');
const keys = require('./jwt.keys.json');
const oauth2Keys = require('./iap.keys.json');
async function main() {
const clientId = oauth2Keys.web.client_id;
const client = new JWT({
email: keys.client_email,
key: keys.private_key,
additionalClaims: {target_audience: clientId},
});
const url = `https://iap-demo-dot-el-gato.appspot.com`;
const res = await client.request({url});
console.log(res.data);
}
main().catch(console.error);
Link to the Google Example: https://github.com/googleapis/google-auth-library-nodejs/blob/502f43e651d7ccbd1cc19de513d5f5af5008ac03/samples/iap.js
process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; disables the SSL certificate check.