Skip to content

On a slow internet connection, Okta/Auth0 JWK retrieval API fails with socket timeout #17550

Description

@vishal423
Overview of the issue

The default timeout configured by Spring security is ~500ms. On a slow internet connection, it's rare to get the response within this threshold limit. Since JHipster supports Okta/Auth0 integration, it would be cool to provide an easy way to configure this.

Stack trace:

Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.springframework.security.oauth2.jwt.JwtDecoder]: Factory method 'jwtDecoder' threw exception; nested exception is java.lang.IllegalStateException: com.nimbusds.jose.RemoteKeySourceException: Couldn't retrieve remote JWK set: Read timed out
        at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:185)
        at org.springframework.beans.factory.support.ConstructorResolver.instantiate(ConstructorResolver.java:653)
        ... 58 common frames omitted
Caused by: java.lang.IllegalStateException: com.nimbusds.jose.RemoteKeySourceException: Couldn't retrieve remote JWK set: Read timed out
        at org.springframework.security.oauth2.jwt.JwtDecoderProviderConfigurationUtils.getSignatureAlgorithms(JwtDecoderProviderConfigurationUtils.java:107)
        at org.springframework.security.oauth2.jwt.JwtDecoders.withProviderConfiguration(JwtDecoders.java:122)
        at org.springframework.security.oauth2.jwt.JwtDecoders.fromOidcIssuerLocation(JwtDecoders.java:66)
        at com.jhipster.demo.blog.config.SecurityConfiguration.jwtDecoder(SecurityConfiguration.java:157)
        at com.jhipster.demo.blog.config.SecurityConfiguration$$EnhancerBySpringCGLIB$$fa1ed3e7.CGLIB$jwtDecoder$1(<generated>)
        at com.jhipster.demo.blog.config.SecurityConfiguration$$EnhancerBySpringCGLIB$$fa1ed3e7$$FastClassBySpringCGLIB$$dc54e730.invoke(<generated>)
        at org.springframework.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:244)
        at org.springframework.context.annotation.ConfigurationClassEnhancer$BeanMethodInterceptor.intercept(ConfigurationClassEnhancer.java:331)
        at com.jhipster.demo.blog.config.SecurityConfiguration$$EnhancerBySpringCGLIB$$fa1ed3e7.jwtDecoder(<generated>)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.base/java.lang.reflect.Method.invoke(Method.java:568)
        at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:154)
        ... 59 common frames omitted
Caused by: com.nimbusds.jose.RemoteKeySourceException: Couldn't retrieve remote JWK set: Read timed out
        at com.nimbusds.jose.jwk.source.RemoteJWKSet.updateJWKSetFromURL(RemoteJWKSet.java:167)
        at com.nimbusds.jose.jwk.source.RemoteJWKSet.get(RemoteJWKSet.java:260)
        at org.springframework.security.oauth2.jwt.JwtDecoderProviderConfigurationUtils.getSignatureAlgorithms(JwtDecoderProviderConfigurationUtils.java:90)
        ... 72 common frames omitted
Caused by: java.net.SocketTimeoutException: Read timed out
        at java.base/sun.nio.ch.NioSocketImpl.timedRead(NioSocketImpl.java:283)
        at java.base/sun.nio.ch.NioSocketImpl.implRead(NioSocketImpl.java:309)
        at java.base/sun.nio.ch.NioSocketImpl.read(NioSocketImpl.java:350)
        at java.base/sun.nio.ch.NioSocketImpl$1.read(NioSocketImpl.java:803)
Motivation for or Use Case

I can't use Okta/Auth0 with JHipster

Reproduce the error
  • Generate OIDC monolithic application and override configurations to use Auth0/Okta.
  • Start server in development mode and notice above error
Related issues

spring-projects/spring-security#4474

Suggest a Fix
JHipster Version(s)

Main

JHipster configuration
Entity configuration(s) entityName.json files generated in the .jhipster directory
Browsers and Operating System
  • Checking this box is mandatory (this is just to show you read everything)

Metadata

Metadata

Assignees

No one assigned

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions