feat(proxy): proxy support with ConfidentialClient (#505)

Author: dgawande12

README.md

@@ -53,13 +53,21 @@ async function exampleRequest() {
 exampleRequest();
 ```
 
+### Configure a Proxy
+
+You can pass proxy settings to the ConfidentialClient if necessary. The proxy URL can be passed as an object with the proxyUrl property:
+
+```ts
+const confidentialClient = new ConfidentialClient('/path/to/config.json', { proxyUrl: 'http://username:password@proxy.example.com:8080' });
+```
+
 ## Modules
 
 Information about the various utility modules contained in this library can be found below.
 
 ### Authentication
 
-The [authentication module](src) provides helper classes that facilitate [OAuth 2.0](https://developer.factset.com/learn/authentication-oauth2) authentication and authorization with FactSet's APIs. Currently the module has support for the [client credentials flow](https://github.com/factset/oauth2-guidelines#client-credentials-flow-1).
+The [authentication module](src) provides helper classes that facilitate [OAuth 2.0](https://developer.factset.com/learn/authentication-oauth2) authentication and authorization with FactSet's APIs. Currently, the module has support for the [client credentials flow](https://github.com/factset/oauth2-guidelines#client-credentials-flow-1).
 
 Each helper class in the module has the following features:
 
@@ -130,7 +138,7 @@ Please refer to the [contributing guide](CONTRIBUTING.md).
 
 ## Copyright
 
-Copyright 2022 FactSet Research Systems Inc
+Copyright 2024 FactSet Research Systems Inc
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.

__tests__/confidentialClient.spec.ts

@@ -2,7 +2,10 @@ import { Client } from 'openid-client';
 import { mocked } from 'ts-jest/utils';
 import { ConfidentialClient } from '../src';
 import { OpenIDClientFactory } from '../src/openIDClientFactory';
+import { HttpsProxyAgent } from 'https-proxy-agent';
+
 jest.mock('../src/openIDClientFactory');
+
 describe('test ConfidentialClient class', () => {
   describe('test instanciating', () => {
     test('should create an instance', () => {
@@ -75,5 +78,27 @@ describe('test ConfidentialClient class', () => {
 
       await expect(confidentialClient.getAccessToken()).rejects.toThrow('Error attempting to get access token');
     });
+
+    test('should use the proxy agent if provided', async () => {
+      const proxyUrl = 'http://proxy.example.com:8080';
+
+      mocked(OpenIDClientFactory.getClient).mockResolvedValue({
+        grant: jest.fn().mockResolvedValue({
+          access_token: 'test_token',
+          expires_at: Math.floor(Date.now() / 1000) + 900,
+        }),
+      } as unknown as Client);
+
+      const confidentialClient = new ConfidentialClient('./__tests__/fixtures/validConfig.json', {
+        proxyUrl: proxyUrl,
+      });
+
+      await confidentialClient.getAccessToken();
+
+      expect(OpenIDClientFactory.getClient).toHaveBeenCalledWith(
+        expect.anything(),
+        new HttpsProxyAgent('http://proxy.example.com:8080'),
+      );
+    });
   });
 });

__tests__/openIDClientFactory.spec.ts

@@ -1,6 +1,7 @@
 import { OpenIDClientFactory } from '../src/openIDClientFactory';
 import { mocked } from 'ts-jest/utils';
-import { Client, Issuer } from 'openid-client';
+import { Client, custom, Issuer } from 'openid-client';
+import { HttpsProxyAgent } from 'https-proxy-agent';
 
 jest.mock('openid-client');
 
@@ -46,6 +47,23 @@ describe('Test OpenIDClientFactory class', () => {
       expect(Issuer.discover).toHaveBeenCalledWith('testWellKnownUri');
     });
 
+    test('should not throw an error and set proxy properly', async () => {
+      const proxyUrl = 'http://proxy.example.com:8080';
+
+      mocked(Issuer.discover).mockResolvedValue({
+        metadata: {
+          issuer: 'test',
+          token_endpoint: 'token_endpoint',
+        },
+        Client: jest.fn().mockReturnValue({
+          grant: jest.fn().mockResolvedValue('testgrant'),
+        }),
+      } as unknown as Issuer<Client>);
+
+      await OpenIDClientFactory.getClient(config, new HttpsProxyAgent(proxyUrl));
+      expect(custom.setHttpOptionsDefaults).toHaveBeenCalledWith({ agent: new HttpsProxyAgent(proxyUrl) });
+    });
+
     test('should throw an error while retrieving contents from well known uri', async () => {
       mocked(Issuer.discover).mockRejectedValue('test_error');
 

package.json

@@ -28,8 +28,9 @@
   ],
   "dependencies": {
     "debug": "^4.3.4",
-    "jose": "^4.15.4",
+    "http-proxy-agent": "^7.0.2",
     "joi": "^17.12.3",
+    "jose": "^4.15.4",
     "openid-client": "^5.6.5"
   },
   "devDependencies": {

src/confidentialClient.ts

@@ -1,10 +1,12 @@
-import { Token, AccessTokenError, ConfidentialClientConfiguration, OAuth2Client } from '.';
+import { AccessTokenError, ConfidentialClientConfiguration, OAuth2Client, Token } from '.';
 import { OpenIDClientFactory } from './openIDClientFactory';
 import { Configuration } from './configuration';
 import { Client } from 'openid-client';
-import { PACKAGE_NAME, JWT_NOT_BEFORE_SECS, JWT_EXPIRE_AFTER_SECS } from './constants';
+import { JWT_EXPIRE_AFTER_SECS, JWT_NOT_BEFORE_SECS, PACKAGE_NAME } from './constants';
 import { unixTimestamp } from './unixTimestamp';
 import debugModule from 'debug';
+import { HttpsProxyAgent } from 'https-proxy-agent';
+
 const debug = debugModule(`${PACKAGE_NAME}:ConfidentialClient`);
 
 /**
@@ -19,11 +21,13 @@ export class ConfidentialClient implements OAuth2Client {
   private readonly _config: ConfidentialClientConfiguration;
   private _token: Token;
   private _openIDClient!: Client;
+  private _options: { proxyUrl: string } | null;
 
   /**
    * @param path Path to credentials configuration file.
+   * @param _options HTTP proxy options.
    */
-  constructor(path: string);
+  constructor(path: string, _options?: { proxyUrl: string });
 
   /**
    * Example config
@@ -54,9 +58,10 @@ export class ConfidentialClient implements OAuth2Client {
    * @param config FacSet ConfidentialClient configuration object
    */
   constructor(config: ConfidentialClientConfiguration);
-  constructor(param: ConfidentialClientConfiguration | string) {
+  constructor(param: ConfidentialClientConfiguration | string, _options?: { proxyUrl: string }) {
     this._config = Configuration.loadConfig(param);
     this._token = new Token('', 0);
+    this._options = _options ?? null;
   }
 
   /**
@@ -80,7 +85,11 @@ export class ConfidentialClient implements OAuth2Client {
     }
     debug('Token is expired or invalid');
 
-    if (this._openIDClient === undefined) {
+    if (this._options?.proxyUrl) {
+      const proxyAgent = new HttpsProxyAgent(`${this._options.proxyUrl}`);
+
+      this._openIDClient = await OpenIDClientFactory.getClient(this._config, proxyAgent);
+    } else {
       this._openIDClient = await OpenIDClientFactory.getClient(this._config);
     }
 

src/configuration.ts

@@ -4,6 +4,7 @@ import { ConfigurationError } from './errors';
 import { FACTSET_WELL_KNOWN_URI, PACKAGE_NAME } from './constants';
 import { readFileSync } from 'fs';
 import debugModule from 'debug';
+
 const debug = debugModule(`${PACKAGE_NAME}:configuration`);
 
 export type ConfidentialClientJwk = jose.JWK;

src/openIDClientFactory.ts

@@ -1,15 +1,23 @@
 import { ConfidentialClientConfiguration, WellKnownURIError } from '.';
-import { Client, Issuer, ClientAuthMethod } from 'openid-client';
+import { Client, ClientAuthMethod, custom, Issuer } from 'openid-client';
 import debugModule from 'debug';
 import { PACKAGE_NAME } from './constants';
+import { Agent } from 'node:http';
+
 const debug = debugModule(`${PACKAGE_NAME}:OpenIDClientFactory`);
 
 export class OpenIDClientFactory {
-  public static async getClient(config: ConfidentialClientConfiguration): Promise<Client> {
+  public static async getClient(config: ConfidentialClientConfiguration, proxyAgent?: Agent): Promise<Client> {
     const jwks = {
       keys: [config.jwk],
     };
 
+    if (proxyAgent) {
+      custom.setHttpOptionsDefaults({
+        agent: proxyAgent,
+      });
+    }
+
     const clientAuthMethod: ClientAuthMethod = 'private_key_jwt';
 
     const metadata = {

yarn.lock

@@ -1092,6 +1092,13 @@ agent-base@6:
   dependencies:
     debug "4"
 
+agent-base@^7.1.0:
+  version "7.1.1"
+  resolved "https://registry.npmjs.org/agent-base/-/agent-base-7.1.1.tgz#bdbded7dfb096b751a2a087eeeb9664725b2e317"
+  integrity sha512-H0TSyFNDMomMNJQBn8wFV5YC/2eJ+VXECwOadZJT554xP6cODZHPX3H9QMQECxvrgiSOP1pHjy1sMWQVYJOUOA==
+  dependencies:
+    debug "^4.3.4"
+
 ajv@^6.12.4:
   version "6.12.6"
   resolved "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz#baf5a62e802b07d977034586f8c3baf5adf26df4"
@@ -1940,6 +1947,14 @@ http-proxy-agent@^4.0.1:
     agent-base "6"
     debug "4"
 
+http-proxy-agent@^7.0.2:
+  version "7.0.2"
+  resolved "https://registry.npmjs.org/http-proxy-agent/-/http-proxy-agent-7.0.2.tgz#9a8b1f246866c028509486585f62b8f2c18c270e"
+  integrity sha512-T1gkAiYYDWYx3V5Bmyu7HcfcvL7mUrTWiM6yOfa3PIphViJ/gFPbvidQ+veqSOHci/PxBcDabeUNCzpOODJZig==
+  dependencies:
+    agent-base "^7.1.0"
+    debug "^4.3.4"
+
 https-proxy-agent@^5.0.0:
   version "5.0.0"
   resolved "https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-5.0.0.tgz#e2a90542abb68a762e0a0850f6c9edadfd8506b2"