Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[TT-5777] Fix JWK fetch doesn't support proxy configuration from environment (#4102) #6474

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[TT-5777] Fix JWK fetch doesn't support proxy configuration from environment (#4102) #6474

wants to merge 1 commit into from

Conversation

jonathanfoster
Copy link

Description

This PR fixes a bug in the JWT middleware that causes the JWK fetch process to not honor HTTP proxy environment variables.

Related Issue

Motivation and Context

In restricted corporate environments, it's common to require all HTTP traffic go through a proxy server. The default transport pulls proxy settings from the standard environment variables, but it looks like this was inadvertently removed to support disabling TLS cert verification when fetching JWK sets. This fix restores the ability to support standard proxy environment variables.

How This Has Been Tested

All JWT middleware unit tests pass. I didn't add unit tests for this functionality because http.ProxyFromEnvironment caches the config making tests that rely on env vars very flaky.

Screenshots (if appropriate)

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Refactoring or add test (improvements in base code or adds test coverage to functionality)

Checklist

  • I ensured that the documentation is up to date
  • I explained why this PR updates go.mod in detail with reasoning why it's required
  • I would like a code coverage CI quality gate exception and have explained why

@jonathanfoster jonathanfoster force-pushed the fix-jwk-fetch-no-proxy branch 4 times, most recently from 9bd4c82 to 57bf8d7 Compare August 30, 2024 01:57
@jonathanfoster
Copy link
Author

@jeffy-mathew Anything you need from me for the review? Happy to help however I can.

@jonathanfoster jonathanfoster force-pushed the fix-jwk-fetch-no-proxy branch 2 times, most recently from e2eb983 to ff91633 Compare September 26, 2024 03:09
sedkis
sedkis approved these changes Oct 29, 2024
View reviewed changes
Copy link
Contributor

@sedkis sedkis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM - non-breaking changes, backwards compatible.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sedkis sedkis sedkis approved these changes

@jeffy-mathew jeffy-mathew Awaiting requested review from jeffy-mathew

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jonathanfoster @sedkis