feat: configure timeout via options parameter (#223)

* feat: configure timeout via options parameter * feat: update readme and unit tests * fix: remove .only
nearform · Jul 19, 2023 · 267eacc · 267eacc
1 parent 138b447
commit 267eacc
Show file tree

Hide file tree

Showing 5 changed files with 70 additions and 9 deletions.
diff --git a/README.md b/README.md
@@ -21,6 +21,7 @@ const buildGetJwks = require('get-jwks')
 const getJwks = buildGetJwks({
   max: 100,
   ttl: 60 * 1000,
+  timeout: 5000,
   allowedDomains: ['https://example.com'],
   providerDiscovery: false,
   agent: new https.Agent({
@@ -31,6 +32,7 @@ const getJwks = buildGetJwks({
 
 - `max`: Max items to hold in cache. Defaults to 100.
 - `ttl`: Milliseconds an item will remain in cache. Defaults to 60s.
+- `timeout`: Specifies how long it should wait to retrieve a JWK before it fails. The time is set in milliseconds. Defaults to 5s.
 - `allowedDomains`: Array of allowed domains. By default all domains are allowed.
 - `providerDiscovery`: Indicates if the Provider Configuration Information is used to automatically get the jwks_uri from the [OpenID Provider Discovery Endpoint](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig). This endpoint is exposing the [Provider Metadata](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata). With this flag set to true the domain will be treated as the OpenID Issuer which is the iss property in the token. Defaults to false. Ignored if jwksPath is specified.
 - `jwksPath`: Specify a relative path to the jwks_uri. Example `/otherdir/jwks.json`. Takes precedence over providerDiscovery. Optional.

diff --git a/src/get-jwks.d.ts b/src/get-jwks.d.ts
@@ -17,6 +17,7 @@ type GetJwksOptions = {
   providerDiscovery?: boolean
   jwksPath?: string
   agent?: Agent
+  timeout?: number
 }
 
 type GetJwks = {

diff --git a/src/get-jwks.js b/src/get-jwks.js
@@ -17,6 +17,7 @@ function ensureNoLeadingSlash(path) {
 function buildGetJwks(options = {}) {
   const max = options.max || 100
   const ttl = options.ttl || 60 * 1000 /* 1 minute */
+  const timeout = options.timeout || 5 * 1000 /* 5 seconds */
   const allowedDomains = (options.allowedDomains || []).map(ensureTrailingSlash)
   const providerDiscovery = options.providerDiscovery || false
   const jwksPath = options.jwksPath
@@ -35,7 +36,7 @@ function buildGetJwks(options = {}) {
       `${normalizedDomain}.well-known/openid-configuration`,
       {
         agent,
-        timeout: 5000,
+        timeout,
       }
     )
     const body = await response.json()
@@ -101,7 +102,7 @@ function buildGetJwks(options = {}) {
       ? await getJwksUri(normalizedDomain)
       : `${normalizedDomain}.well-known/jwks.json`
 
-    const response = await fetch(jwksUri, { agent, timeout: 5000 })
+    const response = await fetch(jwksUri, { agent, timeout })
     const body = await response.json()
 
     if (!response.ok) {

diff --git a/test/getJwk.spec.js b/test/getJwk.spec.js
@@ -38,7 +38,7 @@ t.test('rejects if alg and kid do not match', async t => {
 
   await t.rejects(
     getJwks.getJwk({ domain, alg: 'NOT', kid: 'FOUND' }),
-    'No matching JWK found in the set.'
+    'No matching JWK found in the set.',
   )
 })
 
@@ -90,7 +90,7 @@ t.test(
 
     t.ok(jwk)
     t.same(jwk, key)
-  }
+  },
 )
 
 t.test('caches a successful response', async t => {
@@ -125,7 +125,7 @@ t.test('rejects if response is an empty object', async t => {
 
   return t.rejects(
     getJwks.getJwk({ domain, alg, kid }),
-    'No JWKS found in the response.'
+    'No JWKS found in the response.',
   )
 })
 
@@ -136,7 +136,7 @@ t.test('rejects if no JWKS are found in the response', async t => {
 
   return t.rejects(
     getJwks.getJwk({ domain, alg, kid }),
-    'No JWKS found in the response.'
+    'No JWKS found in the response.',
   )
 })
 
@@ -241,7 +241,7 @@ t.test('allowed domains', async t => {
         const [{ alg, kid }] = jwks.keys
 
         t.ok(await getJwks.getJwk({ domain: domainFromToken, alg, kid }))
-      }
+      },
     )
   })
 
@@ -269,7 +269,36 @@ t.test('allowed domains', async t => {
 
     return t.rejects(
       getJwks.getJwk({ domain, alg, kid }),
-      'The domain is not allowed.'
+      'The domain is not allowed.',
     )
   })
 })
+
+t.test('timeout', async t => {
+  const domain = 'https://example.com'
+  const [{ alg, kid }] = jwks.keys
+
+  t.beforeEach(() =>
+    nock(domain).get('/.well-known/jwks.json').reply(200, jwks),
+  )
+
+  let timeout
+  const buildGetJwks = t.mock('../src/get-jwks', {
+    'node-fetch': (init, options) => {
+      timeout = options.timeout
+      return require('node-fetch')(init, options)
+    },
+  })
+
+  t.test('timeout defaults to 5 seconds', async t => {
+    const getJwks = buildGetJwks()
+    await getJwks.getJwk({ domain, alg, kid })
+    t.equal(timeout, 5000)
+  })
+
+  t.test('ensures that timeout is set to 10 seconds', async t => {
+    const getJwks = buildGetJwks({ timeout: 10000 })
+    await getJwks.getJwk({ domain, alg, kid })
+    t.equal(timeout, 10000)
+  })
+})
diff --git a/test/getJwksUri.spec.js b/test/getJwksUri.spec.js
@@ -46,5 +46,33 @@ t.test(
     }
 
     await t.rejects(getJwks.getJwksUri(domain), expectedError)
-  }
+  },
 )
+
+t.test('timeout', async t => {
+  t.beforeEach(() =>
+    nock(domain)
+      .get('/.well-known/openid-configuration')
+      .reply(200, { jwks_uri: 'http://localhost' }),
+  )
+
+  let timeout
+  const buildGetJwks = t.mock('../src/get-jwks', {
+    'node-fetch': (input, options) => {
+      timeout = options.timeout
+      return require('node-fetch')(input, options)
+    },
+  })
+
+  t.test('timeout defaults to 5 seconds', async t => {
+    const getJwks = buildGetJwks()
+    await getJwks.getJwksUri(domain)
+    t.equal(timeout, 5000)
+  })
+
+  t.test('ensures that timeout is set to 10 seconds', async t => {
+    const getJwks = buildGetJwks({ timeout: 10000 })
+    await getJwks.getJwksUri(domain)
+    t.equal(timeout, 10000)
+  })
+})