Proxy config not working when using oauth 2.0 authentication

Question

Proxy config not working when using oauth 2.0 authentication

cvchavez2 opened this issue 2 years ago · 2 comments

Describe the bug?

I'm running behind a proxy.

Using the SDK with an Okta API key works as expected when I provide the httpsProxy config to the client.

Example:

const oktaProvider = require('@okta/okta-sdk-nodejs')

const oktaClient = new oktaProvider.Client({
    orgUrl: 'https://{okta-org}.oktapreview.com/',
    token: process.env.OTOKEN,
    httpsProxy: process.env.HTTPS_PROXY
})

The thing is we don't want to use an API key but rather implement OAuth 2.0 authentication using scoped tokens.

When we configure the Okta client with the values needed we start getting ECONNRESET errors. We then go ahead and set the httpsProxy value as it is referenced here. The same problem occurs then. The difference with that example is that the API key is being used not the private key.

Error example:
FetchError: request to https://{okta-org}.oktapreview.com/oauth2/v1/token failed, reason: read ECONNRESET

Example of client config with private key values:

const oktaClient = new oktaProvider.Client({
    orgUrl: 'https://{okta-org}.oktapreview.com/',
    authorizationMode: 'PrivateKey',
    clientId: '{xxxxxx client id xxxx}',
    scopes: ['okta.users.read'],
    privateKey: privateKey,
    httpsProxy: process.env.HTTPS_PROXY,
    keyId: kid 
})

I have tried passing in the privateKey in the 3 possible ways that it is recommended to ensure I was not getting that part wrong.

I understand that when you use the OAuth 2.0 approach with scoped tokens the sdk makes requests to the /token endpoint. What I don't understand is why the proxy config does not work when you use a private key? Both approaches should be consistent.

What is expected to happen?

Providing the httpsProxy to the client should allow you to connect to Okta if you are behind a proxy using either an API key or OAuth 2.0.

What is the actual behavior?

FetchError: request to https://{okta-org}.oktapreview.com/oauth2/v1/token failed, reason: read ECONNRESET

Reproduction Steps?

You need to be running behind a proxy.

In the description of the bug I provided details on how I came across this problem.

SDK Versions

okta-sdk-nodejs version 6.6.0

Execution Environment

nodejs 19.6.0
macOS

Additional Information?

No response

Answer 1 · 2023-04-05T10:05:05.000Z

Thanks for submitting this issue.
Internal ref: OKTA-597488

Answer 2 · 2023-07-09T03:08:00.000Z

Any updates to this issue. I have a similar issue with authenticationmode set to PrivateKey, without setting proxy. Not getting response back from okta. V7.0.0