Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use hostname instead of host when creating request #233

Merged
merged 1 commit into from Mar 22, 2021
Merged

Use hostname instead of host when creating request #233

merged 1 commit into from Mar 22, 2021

Conversation

cjlpowers
Copy link
Contributor

@cjlpowers cjlpowers commented Mar 15, 2021
edited

Description

It is common to host services on different ports during development / testing. I noticed a DNS failure when the jwks endpoint was served with a port. For example http://localhost:3000/oidc/jwks.

The fix is to use hostname instead of host when constructing the request.
You can see the difference between host and hostname in the scenarios below.

urlUtil.parse('http://localhost:3000/oidc/jwks')
{
  protocol: "http:",
  slashes: true,
  auth: null,
  host: "localhost:3000",
  port: "3000",
  hostname: "localhost",
  hash: null,
  search: null,
  query: null,
  pathname: "/oidc/jwks",
  path: "/oidc/jwks",
  href: "http://localhost:3000/oidc/jwks",
}

urlUtil.parse('http://localhost/oidc/jwks')
{
  protocol: "http:",
  slashes: true,
  auth: null,
  host: "localhost",
  port: null,
  hostname: "localhost",
  hash: null,
  search: null,
  query: null,
  pathname: "/oidc/jwks",
  path: "/oidc/jwks",
  href: "http://localhost/oidc/jwks",
}

urlUtil.parse('http://127.0.0.1:3000/oidc/jwks')
{
  protocol: "http:",
  slashes: true,
  auth: null,
  host: "127.0.0.1:3000",
  port: "3000",
  hostname: "127.0.0.1",
  hash: null,
  search: null,
  query: null,
  pathname: "/oidc/jwks",
  path: "/oidc/jwks",
  href: "http://127.0.0.1:3000/oidc/jwks",
}

Testing

Call jwksRsa.passportJwtSecret using a jwksUri containing a port (e.g. http://localhost:3000). Notice the ENOTFOUND failure caused by dns resolution errors.

Checklist

  • I have added documentation for new/changed functionality in this PR or in auth0.com/docs
  • All active GitHub checks for tests, formatting, and security are passing
  • The correct base branch is being used, if not master

@cjlpowers
Use hostname instead of host when creating request
1da565d 
Host may contain ports which causes dns lookup failures.
@cjlpowers cjlpowers requested a review from a team as a code owner March 15, 2021 18:09
@carboneater carboneater mentioned this pull request Mar 16, 2021
Closed
@MelvinVermeer
Copy link

Any updates on this PR?

Having this PR merged and released would allow us me to migrate to jwks-rsa v2 in my software.

@cabelitos
Copy link

I can confirm that this is also affecting us.

@davidpatrick davidpatrick merged commit 2233ec8 into auth0:master Mar 22, 2021
@davidpatrick davidpatrick added this to the vNext2 milestone Mar 22, 2021
@djejaquino
Copy link

Thanks for this @cjlpowers and @davidpatrick
Any ETA on the release?

This was referenced Mar 24, 2021
Merged
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@davidpatrick davidpatrick davidpatrick approved these changes

Assignees
No one assigned
Labels
CH: Fixed
Projects
None yet
Milestone
2.0.2
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@cjlpowers @MelvinVermeer @cabelitos @djejaquino @davidpatrick