azure-activedirectory-identitymodel-extensions-for-dotnet icon indicating copy to clipboard operation
azure-activedirectory-identitymodel-extensions-for-dotnet copied to clipboard

Published 20 hours ago verified publisher icon AzureAD

[Feature] Allow specifying the HTTP protocol version and version policy

Open prochnowc opened this issue 1 year ago • 2 comments

Allow specifying the HTTP protocol version and version policy

Allow specifying the HTTP protocol version and version policy when retrieving documents from eg. discovery endpoints.

Description

The PR allows users of HttpDocumentRetriever (for example the ConfigurationManager) to specify the HTTP version and version policy used when sending HTTP requests.

The version and policy can bei either specified explicitly via properties on HttpDocumentRetrieve or implicitly via HttpClient.

When using .NET 6 and no explicit values have been set, the default version and policy from the HttpClient is used. This allows users of OpenID connect authentication to easily setup the HTTP version and policy by configuring the HttpClient of the Backchannel.

Fixes #2808

prochnowc avatar Sep 04 '24 09:09 prochnowc

@microsoft-github-policy-service agree

prochnowc avatar Sep 04 '24 09:09 prochnowc

Also fixes #1980

prochnowc avatar Sep 04 '24 13:09 prochnowc

@pmaytak

Getting the configuration with HTTP 2 doesn't seem to work and returns this error:

System.Net.Http.HttpRequestException: 'Requesting HTTP version 2.0 with version policy RequestVersionExact while unable to establish HTTP/2 connection.'

I used this test case and set version to 2.0 and policy to RequestVersionExact.

I added

                #if NET6_0_OR_GREATER
                documentRetriever.HttpVersionPolicy = HttpVersionPolicy.RequestVersionExact;
                documentRetriever.HttpVersion = new Version(2,0);
                #endif

after Line 90 and all tests are green for me.

prochnowc avatar Jan 02 '25 10:01 prochnowc

@pmaytak

Getting the configuration with HTTP 2 doesn't seem to work and returns this error:

System.Net.Http.HttpRequestException: 'Requesting HTTP version 2.0 with version policy RequestVersionExact while unable to establish HTTP/2 connection.'

I used this test case and set version to 2.0 and policy to RequestVersionExact.

I added

                #if NET6_0_OR_GREATER
                documentRetriever.HttpVersionPolicy = HttpVersionPolicy.RequestVersionExact;
                documentRetriever.HttpVersion = new Version(2,0);
                #endif

after Line 90 and all tests are green for me.

Hmm. GetMetadataTest fails for me on NET 6/8/9 with the above error; succeeds on NET 462/472. However, HttpVersionTest fails on NET 462/472 because HttpResponseMesssage.Content is null; succeeds on NET6/8/9 because Content defaults to EmptyContent. I ran the tests through VS Test Explorer and dotnet test. Did you run the tests on all frameworks?

pmaytak avatar Jan 03 '25 05:01 pmaytak

I fixed HttpVersionTest.

About the HTTP/2 exception, are you behind a corporate firewall which disallows HTTP/2 connections? Can you try Invoke-WebRequest -HttpVersion 2 https://login.microsoftonline.com/common/.well-known/openid-configuration in PowerShell and see if RawContent contains HTTP/2.0 200 OK ?

prochnowc avatar Jan 03 '25 11:01 prochnowc

I fixed HttpVersionTest.

About the HTTP/2 exception, are you behind a corporate firewall which disallows HTTP/2 connections? Can you try Invoke-WebRequest -HttpVersion 2 https://login.microsoftonline.com/common/.well-known/openid-configuration in PowerShell and see if RawContent contains HTTP/2.0 200 OK ?

Any news @pmaytak ?

prochnowc avatar Jan 10 '25 09:01 prochnowc

@prochnowc Can you please provide details for jmprieur's quesitons:

https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2809#pullrequestreview-2526739364

pmaytak avatar Jan 14 '25 09:01 pmaytak

Why is this feature needed? What are the pain points? What are the scenarios?

This feature allows using HTTP/2 for discovery endpoints. HTTP/2's multiplexing allows multiple metadata requests (e.g., for .well-known/openid-configuration or JSON Web Keys (JWKs)) to be handled concurrently without needing multiple connections. It also reduces the size of the HTTP headers (because of compression) used in OIDC requests and responses, leading to faster exchanges.

These optimizations minimize redundant network traffic, reduce the number of required connections, and compress transmitted data.

prochnowc avatar Jan 14 '25 14:01 prochnowc

@pmaytak Any issues left?

prochnowc avatar Jan 28 '25 07:01 prochnowc

I fixed HttpVersionTest.

About the HTTP/2 exception, are you behind a corporate firewall which disallows HTTP/2 connections? Can you try Invoke-WebRequest -HttpVersion 2 https://login.microsoftonline.com/common/.well-known/openid-configuration in PowerShell and see if RawContent contains HTTP/2.0 200 OK ?

The tests worked on my local machine. On my VM the PowerShell command was successful but the tests still failed. Not sure why.

pmaytak avatar Jan 28 '25 09:01 pmaytak

@prochnowc Can you please help fix the project - the Protocols project doesn't build for me, since there are some public API analyzer errors.

pmaytak avatar Jan 30 '25 19:01 pmaytak

@pmaytak

@prochnowc Can you please help fix the project - the Protocols project doesn't build for me, since there are some public API analyzer errors.

Fixed.

prochnowc avatar Feb 03 '25 09:02 prochnowc

@prochnowc This will be included in this week's release. Thanks for your contribution and for sticking with this. Sorry it took a bit long to merge.

pmaytak avatar Feb 06 '25 22:02 pmaytak