Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

oidcccl: HTTP client should respect timeouts #123605

Closed
dhartunian opened this issue May 3, 2024 · 1 comment
Closed

oidcccl: HTTP client should respect timeouts #123605

dhartunian opened this issue May 3, 2024 · 1 comment
Assignees
@pritesh-lahoti
Labels
C-bug Code not up to spec/doc, specs & docs deemed correct. Solution expected to change code/behavior. T-product-security

Comments

@dhartunian
Copy link
Collaborator

dhartunian commented May 3, 2024
edited by cockroach-jira-scripts
Loading

Describe the problem

Currently, the HTTP client used by the code in the OIDC feature does not respect any timeouts we might have set on our default http client.

Internal client timeout:

cockroach/pkg/util/httputil/client.go

Line 26 in a892ee8

const StandardHTTPTimeout time.Duration = 3 * time.Second

OIDC Provider:

cockroach/pkg/ccl/oidcccl/authentication_oidc.go

Line 259 in 44d7da5

provider, err := oidc.NewProvider(ctx, conf.providerURL)

Requests made here:

cockroach/pkg/ccl/oidcccl/authentication_oidc.go

Lines 226 to 230 in 44d7da5

func (o *oidcManager) Exchange(
ctx context.Context, s string, option ...oauth2.AuthCodeOption,
) (*oauth2.Token, error) {
return o.oauth2Config.Exchange(ctx, s, option...)
}

We should consider adding the timeout to the HTTP context, or overriding the client used in the OIDC library if possible.

Jira issue: CRDB-38416
@dhartunian dhartunian added C-bug Code not up to spec/doc, specs & docs deemed correct. Solution expected to change code/behavior. T-server-and-security DB Server & Security labels May 3, 2024
@BabuSrithar BabuSrithar mentioned this issue May 4, 2024
Closed
@pritesh-lahoti pritesh-lahoti mentioned this issue Jun 19, 2024
Merged
@pritesh-lahoti pritesh-lahoti changed the title oidc: HTTP client should respect timeouts oidcccl: HTTP client should respect timeouts Jun 19, 2024
@pritesh-lahoti pritesh-lahoti added T-product-security and removed T-server-and-security DB Server & Security labels Jul 1, 2024
@pritesh-lahoti pritesh-lahoti mentioned this issue Jul 2, 2024
Closed
@pritesh-lahoti
Copy link
Contributor

Fixed as part of #125767

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@pritesh-lahoti pritesh-lahoti

Labels
C-bug Code not up to spec/doc, specs & docs deemed correct. Solution expected to change code/behavior. T-product-security
Projects
No open projects
DB Server & Security
Status: Done 21.2
Milestone
No milestone
Development

No branches or pull requests
4 participants
@BabuSrithar @dhartunian @pritesh-lahoti @souravcrl