oauth2-cc should use the proxy configuration for getOidcTokenClientCredentials #4713

Open
2 tasks done
harishbsrinivas opened this issue Apr 26, 2024 · 1 comment
Labels
area:monitor Everything related to monitors feature-request Request for new features to be added help wanted May need your help to test or answer type:enhance-existing feature wants to enhance existing monitor

Comments


harishbsrinivas commented Apr 26, 2024

⚠️ Please verify that this question has NOT been raised before.

  • I checked and didn't find similar issue

🛡️ Security Policy

📝 Describe your problem

I have a monitor protected by JWT based authentication. I have configured the endpoint/clientID/Secret etc. However, the monitor fails with error "The oauth config is invalid, ENOTFOUND error".

Troubleshooting this further, the token endpoint can be reached via curl from the Docker container running Uptime Kuma without issue. Both the clientID and secret are valid and have been tested via Postman calls. This rules out any DNS related problems, as curl as well as Postman are able to resolve this endpoint.

I also have a proxy setup that has been configured to route specific traffic. What I suspect is that Node.js is unable to route the traffic to the JWT endpoint as it is not aware of the proxy?

Has anyone else faced similar issues with JWT + Proxy?

📝 Error Message(s) or Log

"The oauth config is invalid, ENOTFOUND error".

🐻 Uptime-Kuma Version

1.23.11

💻 Operating System and Arch

Suse 15 with Kuma docker image

🌐 Browser

Firefox 115.10.0esr (64-bit)

🖥️ Deployment Environment

  • Runtime: 20.10.17-ce
  • Database: Sqlite/embedded
  • Filesystem used to store the database on: ext4
  • number of monitors: 108
@CommanderStorm
Collaborator

We currently don't support JWT based auth.

=> Why are you getting an oauth error when you are specifying a JWT in a header?

Are you maybe using oauth2-cc instead?

Assuming you do, you are using

```js
exports.getOidcTokenClientCredentials = async (tokenEndpoint, clientId, clientSecret, scope, authMethod = "client_secret_basic") => {
    const oauthProvider = new oidc.Issuer({ token_endpoint: tokenEndpoint });
    let client = new oauthProvider.Client({
        client_id: clientId,
        client_secret: clientSecret,
        token_endpoint_auth_method: authMethod
    });
    // Increase default timeout and clock tolerance
    client[oidc.custom.http_options] = () => ({ timeout: 10000 });
    client[oidc.custom.clock_tolerance] = 5;
    let grantParams = { grant_type: "client_credentials" };
    if (scope) {
        grantParams.scope = scope;
    }
    return await client.grant(grantParams);
};
```

Which uses openid-client.
=> something like panva/node-openid-client#307 would be required to get this part to use the proxy as well
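
What sending the token request through a proxy involves, as an added example that is not part of the comment above and is not Uptime Kuma's or openid-client's code: an `https.Agent` that opens an HTTP CONNECT tunnel using only Node built-ins. The names `connectRequestOptions` and `ConnectTunnelAgent` and the `*.example.test` hosts are hypothetical, and the wiring in the closing comment assumes openid-client v5 relays an `agent` returned from `http_options` to `https.request`.

```javascript
const http = require("node:http");
const https = require("node:https");
const tls = require("node:tls");

// Options for the CONNECT request sent to the proxy (hypothetical helper).
function connectRequestOptions(proxyUrl, targetHost, targetPort) {
    const proxy = new URL(proxyUrl);
    const authority = `${targetHost}:${targetPort}`;
    const headers = { Host: authority };
    if (proxy.username) {
        // Credentials in the proxy URL become a Basic Proxy-Authorization header.
        const creds = decodeURIComponent(`${proxy.username}:${proxy.password}`);
        headers["Proxy-Authorization"] = "Basic " + Buffer.from(creds).toString("base64");
    }
    return { host: proxy.hostname, port: Number(proxy.port) || 80, method: "CONNECT", path: authority, headers };
}

// https.Agent that reaches its target through an HTTP CONNECT tunnel (hypothetical class).
class ConnectTunnelAgent extends https.Agent {
    constructor(proxyUrl, options = {}) {
        super(options);
        this.proxyUrl = proxyUrl;
    }

    // Called by Node for each new socket; the target name is resolved by the
    // proxy, so this process only needs to resolve the proxy's own hostname.
    createConnection(options, callback) {
        const req = http.request(connectRequestOptions(this.proxyUrl, options.host, options.port || 443));
        req.once("error", callback);
        req.once("connect", (res, socket) => {
            if (res.statusCode !== 200) {
                socket.destroy();
                return callback(new Error(`proxy refused CONNECT: ${res.statusCode}`));
            }
            // TLS runs end to end inside the tunnel, so the proxy sees the
            // authority but not the client secret; `host` keeps certificate
            // verification bound to the token endpoint's name.
            callback(null, tls.connect({ socket, host: options.host, servername: options.servername }));
        });
        req.end();
    }
}

// Assumed wiring inside getOidcTokenClientCredentials (proxyUrl is a placeholder):
// client[oidc.custom.http_options] = () => ({
//     timeout: 10000,
//     agent: new ConnectTunnelAgent(proxyUrl),
// });
```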

@CommanderStorm CommanderStorm changed the title ENOTFOUND when configuring JWT based authentication for a monitor oauth2-cc should use the proxy configuration for getOidcTokenClientCredentials Apr 27, 2024
@CommanderStorm CommanderStorm added feature-request Request for new features to be added area:monitor Everything related to monitors type:enhance-existing feature wants to enhance existing monitor help wanted May need your help to test or answer and removed help labels Apr 27, 2024