I’m new to fly.io. I just posted my first app, which is really simple golang app that just displays a webpage and allows a user to log in using Google. It works fine on my local machine as well as on a dedicated VM hosted on Google Cloud.
When I tried running it on fly.io, though, I got an error saying the certificate is signed by an unknown authority. The error occurred during the Exchange step.
I modified my code to accept untrusted certificates and now it works fine. I’m wondering if something is happening between my fly.io app and Google? It almost looks like a man-in-the-middle attack. If it’s helpful, here’s the code:
func handleGoogleCallback(w http.ResponseWriter, r *http.Request) {
log.Println("handleGoogleCallback")
c := googleOauthConfig()
state := r.FormValue("state")
if state != oauthStateString {
log.Printf("invalid oauth state, expected '%s', got '%s'\n", oauthStateString, state)
http.Redirect(w, r, "/", http.StatusTemporaryRedirect)
return
}
code := r.FormValue("code")
log.Printf("Code: %s", code)
log.Printf("Config: %+v", c)
// Custom HTTP client with TLS config (this is needed to avoid the certificate error)
httpClient := &http.Client{
Transport: &http.Transport{
TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, // Skip TLS verification
},
}
// Use custom HTTP client in OAuth2 exchange
ctx := context.WithValue(context.Background(), oauth2.HTTPClient, httpClient)
token, err := c.Exchange(ctx, code)
//token, err := c.Exchange(context.Background(), code)
if err != nil {
log.Printf("Code exchange failed: %s", err.Error())
http.Redirect(w, r, "/", http.StatusTemporaryRedirect)
return
}
response, err := httpClient.Get("https://www.googleapis.com/oauth2/v2/userinfo?access_token=" + token.AccessToken)
if err != nil {
log.Printf("Failed getting user info: %s", err.Error())
http.Redirect(w, r, "/", http.StatusTemporaryRedirect)
return
}
defer response.Body.Close()
var userInfo struct {
Email string `json:"email"`
}
json.NewDecoder(response.Body).Decode(&userInfo)
s := new(Session)
s.Token = *token
s.Email = userInfo.Email
err = s.Set(w)
if err != nil {
log.Printf("Failed to set session: %s", err.Error())
http.Redirect(w, r, "/", http.StatusTemporaryRedirect)
return
}
http.Redirect(w, r, "/", http.StatusTemporaryRedirect)
}