From 13ae547d203ee51d1dafd82ebd7ac105faaa1ee7 Mon Sep 17 00:00:00 2001
From: hackerman <3372410+aeneasr@users.noreply.github.com>
Date: Sat, 8 May 2021 12:33:00 +0200
Subject: [PATCH] Revert "fix: init introspect http client once (#714)"

This reverts commit e203ad14ac0e78909e7d42aa214c47a708a7c136.
---
 .../authenticator_oauth2_introspection.go     | 69 +++++++++----------
 ...authenticator_oauth2_introspection_test.go |  6 +-
 2 files changed, 35 insertions(+), 40 deletions(-)

diff --git a/pipeline/authn/authenticator_oauth2_introspection.go b/pipeline/authn/authenticator_oauth2_introspection.go
index 36fbeedf7e..8ef830b43f 100644
--- a/pipeline/authn/authenticator_oauth2_introspection.go
+++ b/pipeline/authn/authenticator_oauth2_introspection.go
@@ -70,7 +70,8 @@ type AuthenticatorOAuth2Introspection struct {
 }
 
 func NewAuthenticatorOAuth2Introspection(c configuration.Provider, logger *logrusx.Logger) *AuthenticatorOAuth2Introspection {
-	return &AuthenticatorOAuth2Introspection{c: c, logger: logger}
+	var rt http.RoundTripper
+	return &AuthenticatorOAuth2Introspection{c: c, client: httpx.NewResilientClientLatencyToleranceSmall(rt), logger: logger}
 }
 
 func (a *AuthenticatorOAuth2Introspection) GetID() string {
@@ -261,49 +262,47 @@ func (a *AuthenticatorOAuth2Introspection) Config(config json.RawMessage) (*Auth
 		return nil, NewErrAuthenticatorMisconfigured(a, err)
 	}
 
-	if a.client == nil {
-		a.logger.Debug("Initializing http client")
-		var rt http.RoundTripper
-		if c.PreAuth != nil && c.PreAuth.Enabled {
-			var ep url.Values
+	var rt http.RoundTripper
 
-			if c.PreAuth.Audience != "" {
-				ep = url.Values{"audience": {c.PreAuth.Audience}}
-			}
+	if c.PreAuth != nil && c.PreAuth.Enabled {
+		var ep url.Values
 
-			rt = (&clientcredentials.Config{
-				ClientID:       c.PreAuth.ClientID,
-				ClientSecret:   c.PreAuth.ClientSecret,
-				Scopes:         c.PreAuth.Scope,
-				EndpointParams: ep,
-				TokenURL:       c.PreAuth.TokenURL,
-			}).Client(context.Background()).Transport
+		if c.PreAuth.Audience != "" {
+			ep = url.Values{"audience": {c.PreAuth.Audience}}
 		}
 
-		if c.Retry == nil {
-			c.Retry = &AuthenticatorOAuth2IntrospectionRetryConfiguration{Timeout: "500ms", MaxWait: "1s"}
-		} else {
-			if c.Retry.Timeout == "" {
-				c.Retry.Timeout = "500ms"
-			}
-			if c.Retry.MaxWait == "" {
-				c.Retry.MaxWait = "1s"
-			}
-		}
-		duration, err := time.ParseDuration(c.Retry.Timeout)
-		if err != nil {
-			return nil, err
-		}
-		timeout := time.Millisecond * duration
+		rt = (&clientcredentials.Config{
+			ClientID:       c.PreAuth.ClientID,
+			ClientSecret:   c.PreAuth.ClientSecret,
+			Scopes:         c.PreAuth.Scope,
+			EndpointParams: ep,
+			TokenURL:       c.PreAuth.TokenURL,
+		}).Client(context.Background()).Transport
+	}
 
-		maxWait, err := time.ParseDuration(c.Retry.MaxWait)
-		if err != nil {
-			return nil, err
+	if c.Retry == nil {
+		c.Retry = &AuthenticatorOAuth2IntrospectionRetryConfiguration{Timeout: "500ms", MaxWait: "1s"}
+	} else {
+		if c.Retry.Timeout == "" {
+			c.Retry.Timeout = "500ms"
 		}
+		if c.Retry.MaxWait == "" {
+			c.Retry.MaxWait = "1s"
+		}
+	}
+	duration, err := time.ParseDuration(c.Retry.Timeout)
+	if err != nil {
+		return nil, err
+	}
+	timeout := time.Millisecond * duration
 
-		a.client = httpx.NewResilientClientLatencyToleranceConfigurable(rt, timeout, maxWait)
+	maxWait, err := time.ParseDuration(c.Retry.MaxWait)
+	if err != nil {
+		return nil, err
 	}
 
+	a.client = httpx.NewResilientClientLatencyToleranceConfigurable(rt, timeout, maxWait)
+
 	if c.Cache.TTL != "" {
 		cacheTTL, err := time.ParseDuration(c.Cache.TTL)
 		if err != nil {
diff --git a/pipeline/authn/authenticator_oauth2_introspection_test.go b/pipeline/authn/authenticator_oauth2_introspection_test.go
index f38ea259a7..6d09c8ad39 100644
--- a/pipeline/authn/authenticator_oauth2_introspection_test.go
+++ b/pipeline/authn/authenticator_oauth2_introspection_test.go
@@ -555,12 +555,8 @@ func TestAuthenticatorOAuth2Introspection(t *testing.T) {
 				tc.config, _ = sjson.SetBytes(tc.config, "introspection_url", ts.URL+"/oauth2/introspect")
 				tc.config, _ = sjson.SetBytes(tc.config, "pre_authorization.token_url", ts.URL+"/oauth2/token")
 
-				//reinitialize authenticator so client will be reinitialized in authenticator
-				reg := internal.NewRegistry(conf)
-				a, err := reg.PipelineAuthenticator("oauth2_introspection")
-
 				sess := new(AuthenticationSession)
-				err = a.Authenticate(tc.r, sess, tc.config, nil)
+				err := a.Authenticate(tc.r, sess, tc.config, nil)
 				if tc.expectErr {
 					require.Error(t, err)
 					if tc.expectExactErr != nil {