retry failed outgoing HTTP requests and add options to configure it

in OIDCHTTPTimeoutLong/OIDCHTTPTimeoutShort; bump to 2.4.15rc0 Signed-off-by: Hans Zandbelt <[email protected]>
OpenIDC · Oct 30, 2023 · 8c8ee13 · 8c8ee13
1 parent 12394bf
commit 8c8ee13
Show file tree

Hide file tree

Showing 10 changed files with 475 additions and 303 deletions.
diff --git a/ChangeLog b/ChangeLog
@@ -4,7 +4,8 @@
 - restore backwards compatibility wrt. allowing parallel refresh token requests by default, and add an
   option to prevent that (i.e. in case of rolling refresh tokens) using envvar OIDC_PARALLEL_REFRESH_NOT_ALLOWED
 - return HTTP 500 on token refresh errors instead of HTTP 401
-- bump to 2.4.14.5rc1
+- retry failed outgoing HTTP requests and add options to configure it in OIDCHTTPTimeoutLong/OIDCHTTPTimeoutShort
+- bump to 2.4.15rc0
 
 10/12/2023
 - release 2.4.14.4

diff --git a/auth_openidc.conf b/auth_openidc.conf
@@ -874,13 +874,21 @@
 # a server-wide or directory level.
 #OIDCAuthNHeader <header-name>
 
-# Timeout in seconds for long duration HTTP calls. This is used for most requests to remote endpoints/servers.
-# When not defined the default of 60 seconds is used.
-#OIDCHTTPTimeoutLong <seconds>
-
-# Timeout in seconds for short duration HTTP calls; used for Client Registration and OP Discovery requests.
-# When not defined the default of 5 seconds is used.
-#OIDCHTTPTimeoutShort <seconds>
+# Timeout in seconds for long duration HTTP calls. This defines the maximum duration that a request make take to
+# to complete and is used for most requests to remote endpoints/servers.
+# The optional <connect-timeout> parameter specifies the connect timeout in seconds, as part of the overall request timeout.
+# The optional <retries> parameter specifies the number of retry attempts in case of connectivity errors.
+# When not defined the default of 30 seconds is used, with a 10 second connect timeout, using 1 retry after
+# an interval of 500ms.
+#OIDCHTTPTimeoutLong <seconds> [<connect-timeout>] [<retries>[:<retry-interval-ms>]]
+
+# Timeout in seconds for short duration HTTP calls. This defines the maximum duration that a request may take to
+# to complete and is used for Client Registration and OP Discovery requests.
+# The optional <connect-timeout> parameter specifies the connect timeout in seconds, as part of the overall request timeout.
+# The optional <retries> parameter specifies the number of retry attempts in case of connectivity errors.
+# When not defined the default of 5 seconds is used, with a 2 second connect timeout, using 1 retry with
+# an interval of 500ms.
+#OIDCHTTPTimeoutShort  <seconds> [<connect-timeout>] [<retries>[:<retry-interval-ms>]]
 
 # Time to live in seconds for state parameter i.e. the interval in which the authorization request
 # and the corresponding response need to be processed. When not defined the default of 300 seconds is used.

diff --git a/configure.ac b/configure.ac
@@ -1,4 +1,4 @@
-AC_INIT([mod_auth_openidc],[2.4.14.5rc1],[[email protected]])
+AC_INIT([mod_auth_openidc],[2.4.15rc0],[[email protected]])
 
 AC_SUBST(NAMEVER, AC_PACKAGE_TARNAME()-AC_PACKAGE_VERSION())