Added ability to configure timeout on JWKS endpoints instead of always being 15 seconds

[andrewmcgivery]

Added ability to configure timeout on JWKS endpoints instead of always being 15 seconds

---

Checklist

Complete the checklist (and note appropriate exceptions) before the PR is marked ready-for-review.

• Changes are compatible¹
• Documentation² completed
• Performance impact assessed and acceptable
• Tests added and passing³
  • Unit Tests
  • Integration Tests
  • Manual Tests

Exceptions

Note any exceptions here

Notes

Footnotes

1. It may be appropriate to bring upcoming changes to the attention of other (impacted) groups. Please endeavour to do this before seeking PR approval. The mechanism for doing this will vary considerably, so use your judgement as to how and when to do this. ↩

2. Configuration is an important part of many changes. Where applicable please try to document configuration examples. ↩

3. Tick whichever testing boxes are applicable. If you are adding Manual Tests, please document the manual testing (extensively) in the Exceptions. ↩

[svc-apollo-docs]

✅ Docs Preview Ready

No new or changed pages found.

[router-perf]

CI performance tests

• connectors-const - Connectors stress test that runs with a constant number of users
• const - Basic stress test that runs with a constant number of users
• demand-control-instrumented - A copy of the step test, but with demand control monitoring and metrics enabled
• demand-control-uninstrumented - A copy of the step test, but with demand control monitoring enabled
• enhanced-signature - Enhanced signature enabled
• events - Stress test for events with a lot of users and deduplication ENABLED
• events_big_cap_high_rate - Stress test for events with a lot of users, deduplication enabled and high rate event with a big queue capacity
• events_big_cap_high_rate_callback - Stress test for events with a lot of users, deduplication enabled and high rate event with a big queue capacity using callback mode
• events_callback - Stress test for events with a lot of users and deduplication ENABLED in callback mode
• events_without_dedup - Stress test for events with a lot of users and deduplication DISABLED
• events_without_dedup_callback - Stress test for events with a lot of users and deduplication DISABLED using callback mode
• extended-reference-mode - Extended reference mode enabled
• large-request - Stress test with a 1 MB request payload
• no-tracing - Basic stress test, no tracing
• reload - Reload test over a long period of time at a constant rate of users
• step-jemalloc-tuning - Clone of the basic stress test for jemalloc tuning
• step-local-metrics - Field stats that are generated from the router rather than FTV1
• step-with-prometheus - A copy of the step test with the Prometheus metrics exporter enabled
• step - Basic stress test that steps up the number of users over time
• xlarge-request - Stress test with 10 MB request payload
• xxlarge-request - Stress test with 100 MB request payload

[BrynCooke]

Please can you add a changelog and an integration test to show timeout happening?

Make sure to pull before adding an integration test as the API for the integration tester has changed a bit.

[andrewmcgivery]

Please can you add a changelog and an integration test to show timeout happening?

Make sure to pull before adding an integration test as the API for the integration tester has changed a bit.

I'm struggling a bit with how to test this.

I saw some other tests that would in theory be similar (in traffic shaping) and used that as a starting point:

#[tokio::test(flavor = "multi_thread")]
async fn test_jwks_timeout() -> Result<(), BoxError> {
    let mut router = IntegrationTest::builder()
        .config(format!(
            r#"
            {PROMETHEUS_CONFIG}
            authentication:
                router:
                    jwt:
                      jwks:
                          - url: https://dev-zzp5enui.us.auth0.com/.well-known/jwks.json
                            timeout: 1ns
            "#
        ))
        .responder(ResponseTemplate::new(500).set_delay(Duration::from_millis(20)))
        .build()
        .await;

    router.start().await;
    router.assert_not_started().await;

    router.graceful_shutdown().await;
    Ok(())
}

But it's unclear to me how to specifically simulate the jwks timing out as opposed to a subgraph call, which I think is what the above is doing, and also unclear what I should be asserting, given it will be a startup error and not an error from a subgraph call.

I also can't seem to find any existing authentication integration tests either 😓