Open vishal423 opened 2 years ago
Hey @vishal423!
When we see this problem (on the Okta side) it's typically a network configuration issue where your application is running (usually some sort of proxy or other network appliance).
That said, if you have checked your network and still have an issue, you should be able to configure any timeouts by doing something like this (NOTE: this block of code has not been tested):
@Configuration
public class WebConfig extends WebSecurityConfigurerAdapter {
private final OAuth2ResourceServerProperties oAuth2ResourceServerProperties;
WebConfig(OAuth2ResourceServerProperties oAuth2ResourceServerProperties) {
this.oAuth2ResourceServerProperties = oAuth2ResourceServerProperties;
}
@Override
protected void configure(HttpSecurity http) throws Exception {
NimbusJwtDecoder.JwkSetUriJwtDecoderBuilder builder = NimbusJwtDecoder.withJwkSetUri(oAuth2ResourceServerProperties.getJwt().getJwkSetUri());
builder.restOperations(<Your Custom RestOperations with timeouts>);
http.authorizeRequests().anyRequest().authenticated();
http.oauth2ResourceServer().jwt().decoder(builder.build());
}
}
Thanks @bdemers for the suggestion. Unfortunately, it's not that straightforward as we use JwtDecoders
to prepare the NimbusJwtDecoder
and don't have control to override the rest operations to specify a timeout. There was a similar issue reported highlighting the inability to override timeouts in spring-projects/spring-security#10610 however, was closed with documentation reference listing suggestions like yours.
@vishal423, Were you able to confirm there were no network issues? (firewalls, proxies, etc)?
If your code is generated similar to this:
https://github.com/jhipster/generator-jhipster/blob/980ca577b72a846208d2fec0d85267a995bc8e53/generators/server/templates/src/main/java/package/config/SecurityConfiguration.java.ejs#L327-L342
You should be able to inject a RestTemplateBuilder
(which supports timeouts).
@bdemers, I don't see any issue with my network configuration (no proxy, Linux env). I feel it's network latency to reach out to Auth0/Okta endpoints from India on a decent Wifi connection.
I am trying to follow up with @jgrandja on this. So far it seems we need to rewrite most of the code ourselves to make it work. You can refer to https://github.com/spring-projects/spring-security/issues/10610#issuecomment-1013657473 for the exact code point causing this issue and that can't be addressed with customization of RestTemplateBuilder
.
@vishal423 Have you solved this problem yet ?
I have the sample problem as you. Could u help me to solve this ?
Overview of the issue
The default timeout configured by Spring security is ~500ms. On a slow internet connection, it's rare to get the response within this threshold limit. Since JHipster supports Okta/Auth0 integration, it would be cool to provide an easy way to configure this.
Stack trace:
Motivation for or Use Case
I can't use Okta/Auth0 with JHipster
Reproduce the error
Related issues
https://github.com/spring-projects/spring-security/issues/4474
Suggest a Fix
JHipster Version(s)
Main
JHipster configuration
Entity configuration(s)
entityName.json
files generated in the.jhipster
directoryBrowsers and Operating System