Enable setting of a custom HTTP client for HTTPRequest.send
Issue #434
resolved
The current com.nimbusds.oauth2.sdk.http.HTTPRequest does not allow to implement retry strategies to apply when sending requests. It would be nice and useful to allow setting a custom HTTPClient instance initialized with such behavior.
Comments (15)
-
-
reporter
I normally use the Apache HttpClient 4.x
-
- changed status to open
Adding an interface to enable integration of external HTTP clients.
-
- changed title to Enable setting of a custom HTTP client for HTTPRequest.send
Makes title general
-
- changed status to resolved
Implemented here: cbbb0af5
Released in:
version 11.0 (2023-09-20) * Breaking change: HTTPRequest.getURL and getURI returns a modified URL if setQuery(String), appendQueryString(String), appendQueryParameters(Map<String, List<String>) or setFragment(String) is called. * Adds HTTPRequestSender interface for implementing custom HTTPRequest dispatching via a new HTTPRequest.send(HTTPRequestSender) method. * Adds ReadOnlyHTTPMessage, ReadOnlyHTTPRequest and ReadOnlyHTTPResponse interfaces for the new HTTPRequestSender. * Adds HTTPRequest.appendQueryString(String) and appendQueryParameters(Map<String, List<String>) methods. * Adds HTTPMessage.getBody() and setBody(String) methods. * Adds HTTPMessage.getBodyAsFormParameters(), getBodyAsJSONObject(), getBodyAsJSONArray() and getBodyAsJWT() helper methods. * Deprecates HTTPRequest.getQuery() and setQuery(String). Use HTTPRequest.getURL().getQuery() and appendQueryString(String) instead. * Deprecates HTTPResponse.getContent(), getContentAsJSONObject.(), getContentAsJSONArray(), getContentAsJWT() and setContent(String). * Adds URLUtils.setEncodedQuery(String) and setEncodedFragment(String) methods. * URLUtils.parseParameters(String) switches to LinkedHashMap. * The TokenIntrospectionRequest.parse must use only the form parameters found in the request body, URL query string parameters must be ignored (iss #432). * Switches LogoutRequest.toHTTPRequest() from HTTP GET to POST to prevent the optional id_token_hint parameter from getting exposed in access logs (iss #439). -
Mini how-to with Apache HttpClient 4.5 posted here:
https://connect2id.com/products/nimbus-oauth-openid-connect-sdk/examples/utils/custom-http-client
Happy coding!
-
reporter
Thanks a lot Yavor, much appreciated!
There are just a couple of typos in the how-to:
- at the beginning,
HTTPRequestSender myHttpClient =newApacheHttpClient();should readHTTPRequestSender customClient =newApacheHttpClient(); - near the end of the sample code,
httpResponse.setStatusMessage(statusLine.getReasonPhrase(should readhttpResponse.setStatusMessage(statusLine.getReasonPhrase());
Finally, checking for
response.getEntity().getContentLength() > 0may not always be a good idea, as that apparently relies on the Content-Length HTTP header, which could not be returned by the HTTP server, even if content is actually there. - at the beginning,
-
Hi Paolo,
Thanks for getting back with this feedback.
What is the correct way to check whether an Entity Body is present with an ApacheHttpClient?
-
reporter
Hello Vladimir,
I usually simply check if response.getEntity() is null or not. However, the entity could be non-null and yet empty. so the
org.apache.http.util.EntityUtils.toString() method could come in handy. It takes a (non-null) entity and returns a string: if the resulting string is empty then the entity body is empty.I don’t know if this is the best or most correct method, but it generally works…
-
reporter
Hello again,
about the TrustChainResolver, I see that there’s already the possibility to pass a custom EntityStatementRetriever, but I guess it’s not the same approach as the new HTTPRequestSender interface realized for this issue. Do you have any hint about how to use a custom HTTP Client for that as well?
-
The HTTP client example was fixed, thanks for your input.
We’ll try to check out the trust chain resolver HTTP handling next week.
-
reporter
Hello Yavor, you mean the example at https://connect2id.com/products/nimbus-oauth-openid-connect-sdk/examples/utils/custom-http-client ? It still appears unchanged on the public page. Maybe you still have to make your changes public?
-
The site wasn’t synced, but now it is
Thanks for the heads up!
-
reporter
Good! But there would also be that other minor fix in the initial code fragment at the top of the same page where you first define “myHttpClient” and then use “customClient” right below it.
-
A new ticket was created to track the OpenID Federation ES retrieval with custom HTTP client. You can track the progress there:
The example was fixed. It can be seen in this test
→
- Log in to comment
The JWT received a contribution for a similar facility last year. Perhaps it could be ported here, via an HTTPClient interface:
https://connect2id.com/products/nimbus-jose-jwt/examples/enhanced-jwk-retrieval
Do you have an HTTP client that you typically work with?