Sign In Failed: TimeoutError: Timeout awaiting 'request' for 2500ms

magda-io / magda-auth-oidc

A Generic Magda OpenID Connect Auth Plugin

Apache License 2.0

0 stars 0 forks source link

Sign In Failed: TimeoutError: Timeout awaiting 'request' for 2500ms #1

Closed SamuelBradley closed 1 year ago

SamuelBradley commented 3 years ago

Getting error when attempting to login using an OIDC connection. Sign In Failed: TimeoutError: Timeout awaiting 'request' for 2500ms

Happens consistently on the first login attempt and usually works on the second attempt, with an OIDC connection to AWS Cognito. Doing some searching around the internets It may be linked to a default value in an OIDC middleware library. (https://devforum.okta.com/t/timeouterror-timeout-awaiting-request-for-2500ms/9878/5) Is the only related post on this issue I could find.

I've tried setting the timeout value for this plugin, but the default value of 10000ms already far exceeds the value cause an error.

SamuelBradley commented 3 years ago

We are using version 1.1.0 of the plugin

- name: magda-auth-oidc
    version: 1.1.0
    repository: https://charts.magda.io
    tags:
      - all
      - magda-auth-oidc

t83714 commented 3 years ago

AWS cognito is not a standard OIDC implementation --- its implementation seems have some bug with URL encoding and incorrectly generate "nonce" when federate Active Directory. We internally have a customised version to accommodate those issues --- I might release it sometime in future after make it more generic (it won't be in short term) For your error, I suspect it's a different issue.

Have you add the OIDC issuer in your Magda config? Could you please provide your config?

SamuelBradley commented 3 years ago

Thanks for the response this is our OIDC magda config

# Cognito OIDC config
# Note: `issuer` & `clientId` are supplied through the `magda-oidc-config` secret
magda-auth-oidc:
  authPluginConfig:
    name: "XT Users"
  issuerName: "xt-dev-cognito-oidc"
  scope: "openid email"
  timeout: 10000

t83714 commented 3 years ago

I don't think you can supplied "issuer" via secret? It's passing from config here: https://github.com/magda-io/magda-auth-oidc/blob/ae58b512a61b097891054163e77265f122f769b5/deploy/magda-auth-oidc/templates/deployment.yaml#L54

t83714 commented 3 years ago

@SamuelBradley I think this PR: https://github.com/magda-io/magda-auth-oidc/pull/3 might fix your timeout issue. Could you please have a test to see if it solves your issue? Thanks! You can use test release version 1.2.2-alpha.0 to test it.