grist-core
grist-core copied to clipboard
Published
20 hours ago •
gristlabs
gristlabs
OIDC: allow configuring the request timeout
Context
I take up this PR: #1072 (open by @atropos112)
In some case, the identity provider may take time before responding to requests sent by the OIDC client, leading to difficulties or even impossibility to start the server or to login.
For example, if the issuer discovery takes time, you may fail to start the server with this error:
RPError: outgoing request timed out after 3500ms
at /home/florentpro/projects/grist-core/node_modules/openid-client/lib/helpers/request.js:137:13
at async Issuer.discover (/home/florentpro/projects/grist-core/node_modules/openid-client/lib/issuer.js:171:22)
at async OIDCConfig._initClient (/home/florentpro/projects/grist-core/_build/app/server/lib/OIDCConfig.js:246:24)
at async OIDCConfig.initOIDC (/home/florentpro/projects/grist-core/_build/app/server/lib/OIDCConfig.js:155:9)
at async OIDCConfig.build (/home/florentpro/projects/grist-core/_build/app/server/lib/OIDCConfig.js:104:9)
at async Object.getMiddleware (/home/florentpro/projects/grist-core/_build/app/server/lib/OIDCConfig.js:330:28)
at async FlexServer.addLoginMiddleware (/home/florentpro/projects/grist-core/_build/app/server/lib/FlexServer.js:1083:33)
at async main (/home/florentpro/projects/grist-core/_build/app/server/mergedServerMain.js:86:5)
at async main (/home/florentpro/projects/grist-core/_build/stubs/app/server/server.js:143:20)
Proposed solution
Introduce the GRIST_OIDC_SP_HTTP_TIMEOUT env variable so the user may set a greater value than the default 3500ms, or even set it to 0 to remove any timeout.
How to test it
I use this utility to add latency to the requests, so the openid-client requests may timeout: https://github.com/sitespeedio/throttle
Prerequisites:
- Install throttle (introduced with a link above):
npm i -g @sitespeed.io/throttle - Install
tc. On Debian-family Linux distros, you must install iproute2 for that:sudo apt install iproute2.
STR:
- Setup a Keycloak environment and use it
- Configure Grist to use Keycloak as IdP: https://github.com/gristlabs/grist-help/blob/master/help/en/docs/install/oidc.md#example-keycloak
- Use throttle to add the latency. I run it this way:
throttle --localhost --up 9000 --down 9000 --rtt 5000(the RTT is what matters here) - Then:
- to reproduce the issue:
yarn start, the server should fail to start with a timeout in the logs (see theContextsection above) - or
GRIST_OIDC_SP_HTTP_TIMEOUT=30000 yarn startto check that the problem is solved
- to reproduce the issue:
- Once you have finished testing, you may stop the latency:
throttle --localhost stop
Related issues
I also pave the way for #942
Has this been tested?
- [x] 👍 yes, I added tests to the test suite
- [ ] 💭 no, because this PR is a draft and still needs work
- [ ] 🙅 no, because this is not relevant here
- [ ] 🙋 no, because I need help
