Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(api-gateway): support proxy when fetching jwk for token validation #9013

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

fix(api-gateway): support proxy when fetching jwk for token validation #9013

wants to merge 2 commits into from
+3 −1

Conversation

johnsca
Copy link

@johnsca johnsca commented Dec 3, 2024

Check List

  • Tests has been run in packages where changes made if available
  • Linter has been run for changed code
  • Tests for the changes have been added if not covered yet
  • Docs have been added / updated if required

Description of Changes Made (if issue reference is not provided)

When fetching the JWK data needed to validate the auth token, the environment proxy settings are not honored.

@johnsca
fix(api-gateway): support proxy when fetching jwk for token validation
d2cc89b 
When fetching the JWK data needed to validate the auth token, the
environment proxy settings are not honored.
@johnsca johnsca requested a review from a team as a code owner December 3, 2024 20:19
@github-actions github-actions bot added the pr:community Contribution from Cube.js community members. label Dec 3, 2024
@igorlukanin
Copy link
Member

@johnsca Thanks for this contribution!

the environment proxy settings are not honored

Just to double check, which proxy settings exactly are not honored? Also, which platform are we talking about here?

@johnsca
Copy link
Author

johnsca commented Jan 10, 2025
edited
Loading

@igorlukanin

Just to double check, which proxy settings exactly are not honored? Also, which platform are we talking about here?

No proxy settings were being honored when using JWT authentication (specifically, when retrieving the JWK keys to validate the token). This was encountered when deploying Cube in an environment with restricted outbound traffic which requires request to the public internet to go out via a proxy for security reasons.

This PR uses ProxyAgent because it supports the HTTPS_PROXY and NO_PROXY env vars, which the lower-level HttpsProxyAgent used by getHttpAgentForProxySettings() doesn't appear to. It might be worth moving that code to ProxyAgent as well, as recommended by the proxy-agents README, but I wanted to keep this PR minimal.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@KSDaemon KSDaemon

Labels
pr:community Contribution from Cube.js community members.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@johnsca @igorlukanin @KSDaemon