node-openid-client: RequestError: connect ECONNREFUSED 127.0.0.1:443

Describe the bug

Node.js version: 14
OS & version: docker/alpine

Using this library through https://github.com/panva/node-openid-client , when making the initial request of the open id connect discovery document it throws this weird error

Actual behavior

2020-12-28T21:49:39.282Z tenx:lib-auth:http >>> Request GET https://private-oidc-provider.com//.well-known/oauth-authorization-server
2020-12-28T21:49:39.282Z tenx:lib-auth:http Headers: {
  'user-agent': 'openid-client', // the one that we use works
  accept: 'application/json',
  'accept-encoding': 'gzip, deflate, br'
}
2020-12-28T21:49:39.282Z tenx:lib-auth:http Body undefined
2020-12-28T21:49:39.283Z tenx:lib-auth:http >>> Request GET https://private-oidc-provider.com/.well-known/openid-configuration
2020-12-28T21:49:39.283Z tenx:lib-auth:http Headers: {
   'user-agent': 'openid-client',// the one that we use works
  accept: 'application/json',
  'accept-encoding': 'gzip, deflate, br'
}
2020-12-28T21:49:39.283Z tenx:lib-auth:http Body undefined
2020-12-28T21:49:39.297Z tenx:lib-auth:init Error creating costar client AggregateError:
    RequestError: connect ECONNREFUSED 127.0.0.1:443
        at ClientRequest.<anonymous> (/usr/src/app/node_modules/got/dist/source/core/index.js:957:25)
        at /usr/src/app/node_modules/dd-trace/packages/dd-trace/src/scope/base.js:68:19
        at Scope._activate (/usr/src/app/node_modules/dd-trace/packages/dd-trace/src/scope/base.js:44:14)
        at Scope.activate (/usr/src/app/node_modules/dd-trace/packages/dd-trace/src/scope/base.js:13:17)
        at ClientRequest.<anonymous> (/usr/src/app/node_modules/dd-trace/packages/dd-trace/src/scope/base.js:67:20)
        at ClientRequest.req.emit (/usr/src/app/node_modules/dd-trace/packages/datadog-plugin-http/src/client.js:93:21)
        at ClientRequest.origin.emit (/usr/src/app/node_modules/@szmarczak/http-timer/dist/source/index.js:39:20)
    RequestError: connect ECONNREFUSED 127.0.0.1:443
        at ClientRequest.<anonymous> (/usr/src/app/node_modules/got/dist/source/core/index.js:957:25)
        at /usr/src/app/node_modules/dd-trace/packages/dd-trace/src/scope/base.js:68:19
        at Scope._activate (/usr/src/app/node_modules/dd-trace/packages/dd-trace/src/scope/base.js:44:14)
        at Scope.activate (/usr/src/app/node_modules/dd-trace/packages/dd-trace/src/scope/base.js:13:17)
        at ClientRequest.<anonymous> (/usr/src/app/node_modules/dd-trace/packages/dd-trace/src/scope/base.js:67:20)
        at ClientRequest.req.emit (/usr/src/app/node_modules/dd-trace/packages/datadog-plugin-http/src/client.js:93:21)
        at ClientRequest.origin.emit (/usr/src/app/node_modules/@szmarczak/http-timer/dist/source/index.js:39:20)
    at maybeSettle (/usr/src/app/node_modules/p-some/index.js:31:11)
    at /usr/src/app/node_modules/p-some/index.js:69:23
    at processTicksAndRejections (internal/process/task_queues.js:93:5)

Expected behavior

This request to work.

This request works

running the code locally on a lot of developer machines
works via curl/wget from inside the Kube cluster node and pods

But it doesn’t work via node-oidc-client and got when running side the pod / container.

Code to reproduce

working on it, but it is hard because it only fails inside the container inside the pod inside the kube cluster

Checklist

[ x ] I have read the documentation.
[ x ] I have tried my code with the latest version of Node.js and Got.

Also reported in got’s repo https://github.com/sindresorhus/got/issues/1515

About this issue

Original URL
State: closed
Created 4 years ago
Reactions: 3
Comments: 20 (6 by maintainers)

Commits related to this issue

Added example Google OAuth integration through node-openid-client refs https://github.com/TryGhost/Team/issues/614 - The library is unusable with Ghost at this point and this code can be used to ill... — committed to naz/Ghost by naz 3 years ago

Most upvoted comments

also when you do any other thing with the library such as fetching user info, refreshing the token et al should get into this error so there’s no easy way around it.

Perhaps this lib could be request-library-agnostic and so if people really want to can replace got for superagent (to say an example).

You can always fork it and do that yourself.

On Wed, Jan 20, 2021 at 1:52 PM agix notifications@github.com wrote:

fetching .well-known endpoints manually

if you use got to fetch it manually (maybe other http library too) it will do the same.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/panva/node-openid-client/issues/320#issuecomment-763780498, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAOEIJ6X3NYYLQLL73PJSNTS24C4TANCNFSM4VMSHU7A .

franleplant on Jan 20, 2021

Any clues to solve this will be highly appreciated

There is no bug here, you’re simply asking for help diagnosing your environment / build issues. Please open a Q&A discussion instead.

https://github.com/sindresorhus/got/issues/1515 or something similar monkey patching internals is likely the cause. Or just your kubernetes networking setup.

panva on Dec 29, 2020