Fix RPError issuer timeouts with future/auth (#3762)

* ♻️ Proxy issuers to avoid calling them when users do not use the adapters * 🩹 Upload changeset
sst · May 14, 2024 · 1706947 · 1706947
1 parent 6f8fb48
commit 1706947
Show file tree

Hide file tree

Showing 4 changed files with 37 additions and 10 deletions.
diff --git a/.changeset/old-camels-report.md b/.changeset/old-camels-report.md
@@ -0,0 +1,5 @@
+---
+"sst": patch
+---
+
+Proxy issuer calls to avoid timeouts on unused auth adapters
diff --git a/packages/sst/src/node/future/auth/adapter/apple.ts b/packages/sst/src/node/future/auth/adapter/apple.ts
@@ -1,5 +1,5 @@
 import querystring from 'node:querystring';
-import { generators, Issuer } from 'openid-client';
+import {BaseClient, generators, Issuer} from 'openid-client';
 
 import { useBody, useCookie, useDomainName, usePathParam, useResponse } from '../../../api/index.js';
 import { Adapter } from './adapter.js';
@@ -13,19 +13,27 @@ import { OauthConfig } from './oauth.js';
 // userinfo_endpoint are not included in the response.
 // await Issuer.discover("https://appleid.apple.com/.well-known/openid-configuration/");
 
-const issuer = await Issuer.discover(
- "https://appleid.apple.com/.well-known/openid-configuration"
-)
+let realIssuer: Issuer<BaseClient>;
+
+const issuer = new Proxy({}, {
+ get: async function(target, prop: string){
+ if(!realIssuer){
+ realIssuer = await Issuer.discover("https://appleid.apple.com/.well-known/openid-configuration");
+ }
+ return realIssuer[prop];
+ }
+})
 
 export const AppleAdapter =
  /* @__PURE__ */
  (config: OauthConfig) => {
+
  return async function () {
  const step = usePathParam("step");
  const callback = "https://" + useDomainName() + "/callback";
  console.log("callback", callback);
 
- const client = new issuer.Client({
+ const client = new (issuer as Issuer<BaseClient>).Client({
  client_id: config.clientID,
  client_secret: config.clientSecret,
  redirect_uris: [callback],

diff --git a/packages/sst/src/node/future/auth/adapter/google.ts b/packages/sst/src/node/future/auth/adapter/google.ts
@@ -1,8 +1,17 @@
-import { Issuer } from "openid-client";
+import {BaseClient, Issuer} from "openid-client";
 import { OidcAdapter, OidcBasicConfig } from "./oidc.js";
 import { OauthAdapter, OauthBasicConfig } from "./oauth.js";
 
-const issuer = await Issuer.discover("https://accounts.google.com");
+let realIssuer: Issuer<BaseClient>;
+
+const issuer = new Proxy({}, {
+ get: async function(target, prop: string){
+ if(!realIssuer){
+ realIssuer = await Issuer.discover("https://accounts.google.com");
+ }
+ return realIssuer[prop];
+ }
+})
 
 type GooglePrompt = "none" | "consent" | "select_account";
 type GoogleAccessType = "offline" | "online";
@@ -19,7 +28,7 @@ export function GoogleAdapter(config: GoogleConfig) {
  /* @__PURE__ */
  if (config.mode === "oauth") {
  return OauthAdapter({
- issuer,
+  issuer: issuer as Issuer<BaseClient>,
  ...config,
  params: {
  ...(config.accessType && { access_type: config.accessType }),
@@ -28,7 +37,7 @@ export function GoogleAdapter(config: GoogleConfig) {
  });
  }
  return OidcAdapter({
- issuer,
+ issuer: issuer as Issuer<BaseClient>,
  scope: "openid email profile",
  ...config,
  });

diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml