Server/Auth: JWK URL timeout prevents startup of container
Version Information
Server Version: v2.11.0-beta.1, 10.1
CLI Version (for CLI related issue): 2.11.0-beta.1
Environment
OSS, Container
What is the current behaviour?
The current behavior is that if the JWK is unreachable, the container will never start.
What is the expected behaviour?
It would be ideal, especially in dev mode, to start the container and then continue to attempt to resolve the JWK URL. Sometimes I need to start Hasura before the service providing the JWK is up and running.
How to reproduce the issue?
- provide a jwk_url as the method for authentication that is unreachable
- start the container
- graphql engine fails to start
Screenshots or Screencast
Please provide any traces or logs that could help here.
```
el":"info","timestamp":"2022-08-18T04:14:17.911+0000","type":"startup"}
digs-graphql-engine-1 | {"detail":{"error":null,"message":"refreshing JWK from endpoint: http://host.docker.internal:3000/api/auth/jwt/jwks.json"},"level":"info","timestamp":"2022-08-18T04:14:17.911+0000","type":"jwk-refresh-log"}
digs-graphql-engine-1 | Error fetching JWK: ConnectionFailure Network.Socket.connect: <socket: 29>: does not exist (Connection refused)
digs-graphql-engine-1 exited with code 1
```
Any possible solutions?
Can you identify the location in the source code where the problem exists?
If the bug is confirmed, would you be willing to submit a PR?
Keywords
Yes, this can be a problem for us. If Keycloak has an error, it brings down all of Hasura even though many of our users use the public role.
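
The behaviour requested in this issue, as an added Python example that is not Hasura's code or the reporter's: the server starts without the JWKS, retries the fetch with exponential backoff, serves token-less requests under an assumed `public` role, and refuses token-bearing requests until keys are loaded. `JwksCache`, `resolve_role` and the injected `fetch` callable are hypothetical names; verifying the signature with the returned key is left to a JWT library.

```python
import time

class JwksUnavailable(Exception):
    """No key set has been fetched yet; token-bearing requests must be refused."""

class JwksCache:
    def __init__(self, fetch, base_delay=1.0, max_delay=60.0, clock=time.monotonic):
        self._fetch = fetch      # hypothetical callable: returns a JWKS dict, raises on failure
        self._base, self._max, self._clock = base_delay, max_delay, clock
        self._keys = None        # kid -> JWK; stays None until the first successful fetch
        self._failures = 0
        self._next_try = 0.0

    def refresh(self):
        """Attempt one fetch if the backoff window has elapsed. Never raises."""
        now = self._clock()
        if now < self._next_try:
            return False
        try:
            keys = {k["kid"]: k for k in self._fetch()["keys"]}
        except Exception:
            # Startup is not aborted; previously loaded keys (if any) are kept.
            self._failures += 1
            delay = min(self._max, self._base * 2 ** (self._failures - 1))
            self._next_try = now + delay
            return False
        self._keys, self._failures, self._next_try = keys, 0, now
        return True

    def key_for(self, kid):
        if self._keys is None:
            raise JwksUnavailable("JWKS not loaded yet")
        return self._keys.get(kid)

def resolve_role(cache, token_kid, public_role="public"):
    """token_kid is None when the request carries no token.
    Returns (decision, detail); a missing key set never downgrades a token to public."""
    if token_kid is None:
        return ("allow", public_role)
    try:
        key = cache.key_for(token_kid)
    except JwksUnavailable:
        return ("reject", "jwks-unavailable")
    if key is None:
        return ("reject", "unknown-kid")
    return ("verify", key)   # caller must still verify the signature with this key
```

A background thread or timer would call `refresh()` periodically; request handling only calls `resolve_role`.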