Current https-proxy-agent dependency causes issues with unrelated code

[rytmis]

Version: 4.3.0
Behavior: Unrelated code breaks because requests are being redirected to localhost

The issue I'm seeing is panva/node-openid-client#301 (I'm trying to refresh tokens originally obtained via passport-azure-ad). Requests made via openid-client are categorically redirected to localhost instead of the intended address. This is a bug in an upstream dependency of passport-azure-ad that directly patches core node functionality when loaded.

The source of the problem is documented at TooTallNate/node-agent-base#35. Basically, the mere existence of an old version of agent-base may break other libraries by redirecting https requests to localhost instead of where they were meant to go.

Unfortunately the upstream fix was released in a major version upgrade, so in order to get the fix, it seems necessary to upgrade the https-proxy-agent dependency used by passport-azure-ad.

Here is the dependency tree, for reference:

D:\Projects\[redacted]> npm ls agent-base
[redacted]@[version] D:\Projects\[redacted]
`-- passport-azure-ad@4.3.0
  `-- https-proxy-agent@2.2.4
    `-- agent-base@4.3.0 

[jasonnutter]

@rytmis Thanks for the info, we'll take a look at this.

[rytmis]

FYI, I just tried using npm-force-resolutions to bump both https-proxy-agent and agent-base to their latest versions, and the issue went away.

[sameerag]

@pkanher617 May be we want to patch this in the older version?

[jo-arroyo]

Closing as passport-azure-ad is in maintenance and will no longer receive updates. Future middleware scenarios will be built on top of msal-node. Keep an eye out for msal-node updates.