ballerina-platform / ballerina-library

The Ballerina Library
https://ballerina.io/learn/api-docs/ballerina/
Apache License 2.0

Getting timeout when invoking external rest endpoint using http:Client with tls #6995

Closed Ashi1993 closed 1 week ago

Ashi1993 commented 2 weeks ago

Description: I am trying to invoke the WSO2 IS token endpoint deployed locally via a Ballerina service. I am using the Ballerina http:Client to invoke the API, but I am getting a timeout even before the SSL handshake.

Error:

time=2024-09-13T16:26:13.990+05:30 level=ERROR module=ballerina/http message="unhandled error returned from the service" error={"causes":[{"message":"Connection timeout: localhost/127.0.0.1:9446","detail":{},"stackTrace":[]}],"message":"Something wrong with the connection","detail":{},"stackTrace":[]} path="/xs2a/v1/appToken?clientId=PSDGB-OB-Unknown0015800001HQQrZAAX&redirect_uri=https://www.google.com&scopes=accounts%20openid" method="GET"

Steps to reproduce: Write a Ballerina service and use httpClient to perform the REST call. Below is the resource function I wrote.

resource function get appToken(string clientId, string redirect_uri, string scopes) returns string|error {
    // Send a response back to the caller.

    string jwt = getClientAssertion(clientId);
    map<string> data = {
        "client_assertion": jwt,
        "client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
        "redirect_uri": redirect_uri,
        "scope": scopes,
        "grant_type": "client_credentials",
        "client_id": clientId
    };

    // log:printInfo("Payload: " + data.toString());

    http:Client tokenClient = check new ("https://localhost:9446",
        secureSocket = {
            key: {
                certFile: "resources/qseal.crt",
                keyFile: "resources/qseal.key"
            }
        },
        httpVersion = http:HTTP_1_1,
        followRedirects = {enabled: true}
    );

    json getResponse = check tokenClient->post("/oauth2/token",
        data,
        mediaType = "application/x-www-form-urlencoded");
    log:printInfo(getResponse.toJsonString());
    return getResponse.toJsonString();
}

Try to invoke the API through Postman by invoking http://localhost:9090/xs2a/v1/appToken?clientId=PSDGB-OB-Unknown0015800001HQQrZAAX&redirect_uri=https://www.google.com&scopes=accounts openid

Affected Versions:

OS, DB, other environment details and versions:

Related Issues (optional):

Suggested Labels (optional):

Suggested Assignees (optional):

TharmiganK commented 2 weeks ago

Can you try increasing the connection timeout (default is 15s):

http:Client tokenClient = check new ("https://localhost:9446",
    secureSocket = {
        key: {
            certFile: "resources/qseal.crt",
            keyFile: "resources/qseal.key"
        }
    },
    httpVersion = http:HTTP_1_1,
    followRedirects = {enabled: true},
    socketConfig = {
        connectTimeOut: 60
    }
);

TharmiganK commented 2 weeks ago

Also, can you provide the steps to run the WSO2 IS token endpoint with your configurations?

Ashi1993 commented 1 week ago

Hi,

The API works after disabling secure socket in HTTP Client as mentioned in [1]. Thank you for the quick responses.

[1] https://github.com/wso2-enterprise/internal-support-ballerina/issues/780#issuecomment-2348855080

Regards, Ashirwada
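
To check whether a failure like the one reported above happens at the TCP connect, during the TLS handshake, or at certificate verification, a staged probe can be run against the endpoint. This is an added example, not code from the thread or from the Ballerina library; the function name `probe_tls_endpoint`, its parameters and the stage labels are assumptions made for illustration.

```python
import socket
import ssl


def probe_tls_endpoint(host, port, timeout=5.0, cafile=None, client_cert=None):
    """Return (stage, detail) for the first stage that fails, or ("ok", version).

    cafile: PEM file with the CA or self-signed certificate to trust.
    client_cert: optional (certfile, keyfile) tuple for mutual TLS.
    """
    # Build the TLS context first so bad file paths fail before any network I/O.
    ctx = ssl.create_default_context(cafile=cafile)
    if client_cert:
        ctx.load_cert_chain(*client_cert)

    # Stage 1: plain TCP connect. A failure here has nothing to do with TLS:
    # the port is closed, filtered, or the listener is not accepting.
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return ("tcp_connect", "timed out")
    except OSError as exc:
        return ("tcp_connect", type(exc).__name__)

    # Stage 2: TLS handshake with certificate and hostname verification on.
    try:
        with sock, ctx.wrap_socket(sock, server_hostname=host) as tls:
            return ("ok", tls.version())
    except ssl.SSLCertVerificationError as exc:
        return ("cert_verify", exc.verify_message)
    except socket.timeout:
        return ("tls_handshake", "timed out")
    except OSError as exc:  # includes ssl.SSLError, e.g. a non-TLS listener
        return ("tls_handshake", type(exc).__name__)


if __name__ == "__main__":
    # Host and port are the ones from the error message in this issue.
    print(probe_tls_endpoint("localhost", 9446))
```

A `tcp_connect` result means the problem lies below TLS, while `cert_verify` means the server certificate is not trusted by the supplied `cafile` or the system store.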

github-actions[bot] commented 1 week ago

This issue is NOT closed with a proper Reason/ label. Make sure to add proper reason label before closing. Please add or leave a comment with the proper reason label now.

      - Reason/EngineeringMistake - The issue occurred due to a mistake made in the past.
      - Reason/Regression - The issue has introduced a regression.
      - Reason/MultipleComponentInteraction - Issue occurred due to interactions in multiple components.
      - Reason/Complex - Issue occurred due to complex scenario.
      - Reason/Invalid - Issue is invalid.
      - Reason/Other - None of the above cases.