[BOUNTY #17550] Fix: Add configurable JWK retrieval timeout for Okta/Auth0 #32768

Open
zhaog100 wants to merge 1 commit into jhipster:main from zhaog100:fix/jwk-retrieval-timeout

@zhaog100

Problem

Spring Security's default JWK retrieval timeout (~500ms) causes failures on slow networks:
Couldn't retrieve remote JWK set: Read timed out

Solution

Add two configurable properties:

  • jhipster.security.oauth2.jwk-connect-timeout (default: 500ms)
  • jhipster.security.oauth2.jwk-read-timeout (default: 5000ms)

Users can override in application.yml:

jhipster:
  security:
    oauth2:
      jwk-connect-timeout: 1000
      jwk-read-timeout: 10000

Changes

  • SecurityConfiguration_imperative.java.ejs - Add timeout properties + setResourceRetriever()
  • SecurityConfiguration_reactive.java.ejs - Same fix for reactive apps

Closes #17550

Fixes JWK retrieval failure on slow networks by adding configurable
timeout properties instead of relying on Spring Security's default
~500ms timeout.

Properties added:
- jhipster.security.oauth2.jwk-connect-timeout (default: 500ms)
- jhipster.security.oauth2.jwk-read-timeout (default: 5000ms)

Applied to both imperative and reactive SecurityConfiguration.

Closes jhipster#17550
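
For reference, one way to bind the two properties named above to a resource server's JWT decoder, written as an added example and not taken from this pull request's templates. It uses Spring Security's `restOperations` hook on `NimbusJwtDecoder` rather than the `setResourceRetriever()` call the description mentions; the class name, the `MAX_TIMEOUT_MS` bound and the use of the `spring.security.oauth2.resourceserver.jwt.jwk-set-uri` property are assumptions of the example.

```java
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.client.SimpleClientHttpRequestFactory;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
import org.springframework.web.client.RestTemplate;

// Hypothetical configuration class (added example, not the PR's code).
@Configuration
public class JwkTimeoutConfiguration {

    // Assumed upper bound: a JWK fetch that can hang for minutes lets a slow or
    // unreachable identity provider tie up the threads that validate tokens.
    private static final int MAX_TIMEOUT_MS = 30_000;

    @Bean
    JwtDecoder jwtDecoder(
        @Value("${spring.security.oauth2.resourceserver.jwt.jwk-set-uri}") String jwkSetUri,
        @Value("${jhipster.security.oauth2.jwk-connect-timeout:500}") int connectTimeoutMs,
        @Value("${jhipster.security.oauth2.jwk-read-timeout:5000}") int readTimeoutMs
    ) {
        SimpleClientHttpRequestFactory factory = new SimpleClientHttpRequestFactory();
        factory.setConnectTimeout(checked("jwk-connect-timeout", connectTimeoutMs));
        factory.setReadTimeout(checked("jwk-read-timeout", readTimeoutMs));

        // Only the HTTP client used for the JWK set download changes here.
        // Issuer and audience validators still have to be set on the decoder
        // wherever the application already configures them.
        return NimbusJwtDecoder.withJwkSetUri(jwkSetUri)
            .restOperations(new RestTemplate(factory))
            .build();
    }

    // Fail at startup on a bad override. The request factory treats 0 as
    // "wait forever", so 0 and negative values are rejected, not passed through.
    static int checked(String name, int millis) {
        if (millis <= 0 || millis > MAX_TIMEOUT_MS) {
            throw new IllegalArgumentException(
                "jhipster.security.oauth2." + name + " must be between 1 and "
                    + MAX_TIMEOUT_MS + " ms, got " + millis);
        }
        return millis;
    }
}
```

Reactive applications would need the equivalent on `NimbusReactiveJwtDecoder`, which takes a `WebClient` instead of `RestOperations`.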

Successfully merging this pull request may close these issues.

On a slow internet connection, Okta/Auth0 JWK retrieval API fails with socket timeout