Enhancement: OpenId Configuration http proxy support

[schnaker85]

What features would you like to see added?

Currently, the openid configuration does not allow to set a http proxy, nor the PROXY, HTTP_PROXY, HTTPS_PROXY environment variable is taken into account.

This results in the error msg if no connection can be established directly:
{"level":"error","message":"[openidStrategy] outgoing request timed out after 3500ms","name":"RPError","stack":"RPError: outgoing request timed out after 3500ms\n at /app/node_modules/openid-client/lib/helpers/request.js:140:13\n at async Issuer.discover (/app/node_modules/openid-client/lib/issuer.js:143:22)\n at async setupOpenId (/app/api/strategies/openidStrategy.js:69:20)","timestamp":"2024-06-12T08:07:29.863Z"}

We would like to be able to configure a dedicated proxy for the OPENID integration or use the existing PROXY environment variable.

A suitable solution could also be to have a new configuration variable OPENID_PROXY=my-proxy:8080 to be independent of the other PROXY settings.

More details

The code could be enhanced at openIdStrategy.js

Using the proposed configuration of the node-openid-client docs.

// use HTTP(S)_PROXY
// https://nodejs.org/api/http.html#httprequesturl-options-callback
// e.g. using https://www.npmjs.com/package/proxy-agent
// result.agent = agent;

We did also consider the the solution of the discussion 1264, but we can not / do not want rebuild the project.

I would love to provide a Pull-request for this feature but I am not able to provide javascript code.

Which components are impacted by your request?

General, Other

Pictures

No response

Code of Conduct

• I agree to follow this project's Code of Conduct

[btribonde]

Hello,
I have exactly the same issue.

What i did change in openidStrategy

Line 5 ->

(-)

const { Issuer, Strategy: OpenIDStrategy} = require('openid-client');

(+)

const { Issuer, Strategy: OpenIDStrategy, custom } = require('openid-client');
const { HttpsProxyAgent } = require('https-proxy-agent');

Line 70 -> (insert before const issuer = await Issuer.discover(process.env.OPENID_ISSUER);

Assuming PROXY is correctly configured in .env, but this should probably be the case if you have this issue.

(+)

    if (process.env.PROXY) {
        const proxyAgent = new HttpsProxyAgent(process.env.PROXY);
        custom.setHttpOptionsDefaults({
            agent: proxyAgent
        });
        logger.info(`[openidStrategy] proxy agent added: ${process.env.PROXY}`);
    }

Using docker-compose, it seems we can override the file without needing to build the project so easy to try.

For services -> api:

    volumes:
      - type: bind
        source: ./.env
        target: /app/.env
      - ./images:/app/client/public/images
      - ./logs:/app/api/logs
      - ./openidStrategy.js:/app/api/strategies/openidStrategy.js

I will provide a pull request about this

Regards