fix: use provided fetcher to fetch jwks

[bukowskiadam]

I had to do some magic tricks to keep the fetcher's interface the same because JwksClient expects to just return the jwks.

This PR is more for a discussion, maybe we should use a different fetch implementation for this purpose. I've checked it and JwksClient uses node http or https agent.

[joawan]

JwksClient also supports overriding requestAgent but I'd say the fetcher is more flexible. I see the magic, but looks alright. It's possible to add some extra magic, to not send in { fetcher: false }, but might be be unnecessary.

I noticed that the custom fetcher removes support for timeout, requestHeaders, requestAgent. timeout is a configurable via the jwks_timeout setting of the lib. This change will always ignore that timeout, since fetch is always set in options when using main entry point.

This lib uses node-fetch v2 at the comment and it supports timeout but recommends using AbortSignal instead. Timeout option is removed in node-fetch v3.

I'll explore a bit what to do with the timeout option. Could be we just add it as an option and for the v2 case.

[bukowskiadam]

I get the point of the timeout and using our node-fetch always in JwksClient and that's changing too much. So maybe something like this:


Separate fetch key from the fetch jwks?

[joawan]

That's another option that limits unforeseen consequences a lot. Would just need to make a note in the docs that timeout isn't respected when using custom jwks fetcher and that those would be needed to be handled by the custom fetcher.

[bukowskiadam]

Sorry, I'm pretty busy with other stuff. I'll redo it as we agreed ☝🏻 and push commits here

[joawan]

LGTM