jgrandja/spring-security-oauth-5-2-migrate

Question: Setting the timeout for token retrieval during client_credentials grant

sharpedavid opened this issue · 1 comment

Hello @jgrandja and thank you for this great resource. I have been following it carefully the last couple of days and everything is working well.

First off, let me apologize if this is the wrong place for questions. Please close this and forget about it. I appreciate you must be busy.

On my slow network I am often getting connection timeouts when trying to retrieve the token during a client-credentials grant (e.g. from https://authserver/protocol/openid-connect/token). It does work if I simply refresh the page a few times, but obviously I'd like to do better. I'm wondering how I can configure the token retrieval timeout.

I would post my code, but it is basically identical to what you have for https://github.com/jgrandja/spring-security-oauth-5-2-migrate/blob/master/client-app/src/main/java/org/springframework/security/oauth/samples/web/AuthorizationController.java#L56.

(Incidentally, I found this issue from 2017 that you commented on, spring-projects/spring-security#4474 (comment), and it sounds like a similar issue: "This error is happening during the Access Token Request call in NimbusAuthorizationCodeTokenExchanger..." You propose a new feature, the HttpClientConfig, but later discard it after some discussion with other devs.)

@sharpedavid You will need to customize the underlying HTTP Client with the appropriate connect/read timeout. For the access token request in the sample, the RestTemplate associated with the DefaultAuthorizationCodeTokenResponseClient would need to be customized.

Take a look at this sample code on how to supply a custom RestOperations to DefaultAuthorizationCodeTokenResponseClient - you just need to configure the RestTemplate.
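
An added example (not part of the thread and not the sample project's code) applying the approach above to the client_credentials grant from the question, assuming Spring Security 5.2 APIs. The class name and timeout values are hypothetical; the converters and error handler are set explicitly because a replacement RestTemplate otherwise loses OAuth2 token and error-response parsing.

```java
import java.util.Arrays;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.client.SimpleClientHttpRequestFactory;
import org.springframework.http.converter.FormHttpMessageConverter;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientManager;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder;
import org.springframework.security.oauth2.client.endpoint.DefaultClientCredentialsTokenResponseClient;
import org.springframework.security.oauth2.client.http.OAuth2ErrorResponseErrorHandler;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizedClientManager;
import org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository;
import org.springframework.security.oauth2.core.http.converter.OAuth2AccessTokenResponseHttpMessageConverter;
import org.springframework.web.client.RestTemplate;

@Configuration
public class TokenClientTimeoutConfig { // hypothetical class name

    // RestTemplate used only for token endpoint calls; timeouts are illustrative values.
    private static RestTemplate tokenRestTemplate() {
        SimpleClientHttpRequestFactory factory = new SimpleClientHttpRequestFactory();
        factory.setConnectTimeout(10_000); // milliseconds to establish the connection
        factory.setReadTimeout(30_000);    // milliseconds to wait for the token response
        // Same converters and error handler the default token response clients rely on.
        RestTemplate rest = new RestTemplate(Arrays.asList(
                new FormHttpMessageConverter(),
                new OAuth2AccessTokenResponseHttpMessageConverter()));
        rest.setErrorHandler(new OAuth2ErrorResponseErrorHandler());
        rest.setRequestFactory(factory);
        return rest;
    }

    @Bean
    OAuth2AuthorizedClientManager authorizedClientManager(
            ClientRegistrationRepository registrations,
            OAuth2AuthorizedClientRepository authorizedClients) {
        DefaultClientCredentialsTokenResponseClient ccClient =
                new DefaultClientCredentialsTokenResponseClient();
        ccClient.setRestOperations(tokenRestTemplate());

        DefaultOAuth2AuthorizedClientManager manager =
                new DefaultOAuth2AuthorizedClientManager(registrations, authorizedClients);
        // Only the client_credentials provider gets the custom client here.
        manager.setAuthorizedClientProvider(OAuth2AuthorizedClientProviderBuilder.builder()
                .authorizationCode()
                .refreshToken()
                .clientCredentials(cc -> cc.accessTokenResponseClient(ccClient))
                .build());
        return manager;
    }
}
```

DefaultAuthorizationCodeTokenResponseClient accepts the same RestTemplate through its own setRestOperations method.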