chore: add telemetry and options to disable (#1864)

README.md

@@ -127,6 +127,8 @@ You can customize the client by using the options below:
 | pushedAuthorizationRequests | `boolean`                 | Configure the SDK to use the Pushed Authorization Requests (PAR) protocol when communicating with the authorization server.                                                                                                            |
 | routes                      | `Routes`                  | Configure the paths for the authentication routes. See [Custom routes](#custom-routes) for additional details.                                                                                                                         |
 | allowInsecureRequests       | `boolean`                 | Allow insecure requests to be made to the authorization server. This can be useful when testing with a mock OIDC provider that does not support TLS, locally. This option can only be used when `NODE_ENV` is not set to `production`. |
+| httpTimeout                 | `number`                  | Integer value for the HTTP timeout in milliseconds for authentication requests. Defaults to `5000` milliseconds                                                                                                                        |
+| enableTelemetry             | `boolean`                 | Boolean value to opt-out of sending the library name and version to your authorization server via the `Auth0-Client` header. Defaults to `true`.                                                                                       |
 
 ## Passing authorization parameters
 

src/server/auth-client.ts

@@ -102,6 +102,8 @@ export interface AuthClientOptions {
   fetch?: typeof fetch
   jwksCache?: jose.JWKSCacheInput
   allowInsecureRequests?: boolean
+  httpTimeout?: number
+  enableTelemetry?: boolean
 }
 
 export class AuthClient {
@@ -127,12 +129,38 @@ export class AuthClient {
   private fetch: typeof fetch
   private jwksCache: jose.JWKSCacheInput
   private allowInsecureRequests: boolean
+  private httpOptions: () => oauth.HttpRequestOptions<"GET" | "POST">
 
   constructor(options: AuthClientOptions) {
     // dependencies
     this.fetch = options.fetch || fetch
     this.jwksCache = options.jwksCache || {}
     this.allowInsecureRequests = options.allowInsecureRequests ?? false
+    this.httpOptions = () => {
+      const headers = new Headers()
+      const enableTelemetry = options.enableTelemetry ?? true
+      const timeout = options.httpTimeout ?? 5000
+      if (enableTelemetry) {
+        const name = "nextjs-auth0"
+        const version = "4.0.0"
+
+        headers.set("User-Agent", `${name}/${version}`)
+        headers.set(
+          "Auth0-Client",
+          encodeBase64(
+            JSON.stringify({
+              name,
+              version,
+            })
+          )
+        )
+      }
+
+      return {
+        signal: AbortSignal.timeout(timeout),
+        headers,
+      }
+    }
 
     if (this.allowInsecureRequests && process.env.NODE_ENV === "production") {
       console.warn(
@@ -389,6 +417,7 @@ export class AuthClient {
       redirectUri.toString(),
       transactionState.codeVerifier,
       {
+        ...this.httpOptions(),
         [oauth.customFetch]: this.fetch,
         [oauth.allowInsecureRequests]: this.allowInsecureRequests,
       }
@@ -585,6 +614,7 @@ export class AuthClient {
         await this.getClientAuth(),
         tokenSet.refreshToken,
         {
+          ...this.httpOptions(),
           [oauth.customFetch]: this.fetch,
           [oauth.allowInsecureRequests]: this.allowInsecureRequests,
         }
@@ -639,6 +669,7 @@ export class AuthClient {
     try {
       const authorizationServerMetadata = await oauth
         .discoveryRequest(issuer, {
+          ...this.httpOptions(),
           [oauth.customFetch]: this.fetch,
           [oauth.allowInsecureRequests]: this.allowInsecureRequests,
         })
@@ -805,6 +836,7 @@ export class AuthClient {
         await this.getClientAuth(),
         params,
         {
+          ...this.httpOptions(),
           [oauth.customFetch]: this.fetch,
           [oauth.allowInsecureRequests]: this.allowInsecureRequests,
         }
@@ -876,3 +908,16 @@ export class AuthClient {
       : `https://${this.domain}`
   }
 }
+
+const encodeBase64 = (input: string) => {
+  const unencoded = new TextEncoder().encode(input)
+  const CHUNK_SIZE = 0x8000
+  const arr = []
+  for (let i = 0; i < unencoded.length; i += CHUNK_SIZE) {
+    arr.push(
+      // @ts-expect-error Argument of type 'Uint8Array' is not assignable to parameter of type 'number[]'.
+      String.fromCharCode.apply(null, unencoded.subarray(i, i + CHUNK_SIZE))
+    )
+  }
+  return btoa(arr.join(""))
+}

src/server/client.ts

@@ -123,6 +123,18 @@ interface Auth0ClientOptions {
    * This option can only be used when NODE_ENV is not set to `production`.
    */
   allowInsecureRequests?: boolean
+
+  /**
+   * Integer value for the HTTP timeout in milliseconds for authentication requests.
+   * Defaults to `5000` ms.
+   */
+  httpTimeout?: number
+
+  /**
+   * Boolean value to opt-out of sending the library name and version to your authorization server
+   * via the `Auth0-Client` header. Defaults to `true`.
+   */
+  enableTelemetry?: boolean
 }
 
 type PagesRouterRequest = IncomingMessage | NextApiRequest
@@ -201,6 +213,8 @@ export class Auth0Client {
       routes: options.routes,
 
       allowInsecureRequests: options.allowInsecureRequests,
+      httpTimeout: options.httpTimeout,
+      enableTelemetry: options.enableTelemetry,
     })
   }