Increase default response/request buffer size for OAuth2 client #18836

wendigo · 2023-08-28T13:15:27Z

For some of the identity providers the default buffer sizes are too small to work out of the box, when authentication tokens size exceeds the default request buffer size of 4KB.

In these cases the default configuration will fail with:

io.trino.server.security.oauth2.NimbusAirliftHttpClient Received bad response from endpoint java.lang.IllegalArgumentException: Request header too large
    at org.eclipse.jetty.client.http.HttpSenderOverHTTP$HeadersCallback.process(HttpSenderOverHTTP.java:182)
    at org.eclipse.jetty.util.IteratingCallback.processing(IteratingCallback.java:232)
    at org.eclipse.jetty.util.IteratingCallback.iterate(IteratingCallback.java:214)
    at org.eclipse.jetty.client.http.HttpSenderOverHTTP.sendHeaders(HttpSenderOverHTTP.java:79)
    at org.eclipse.jetty.client.HttpSender$ContentConsumer.onContent(HttpSender.java:496)
    at org.eclipse.jetty.client.util.AbstractRequestContent$AbstractSubscription.notifyContent(AbstractRequestContent.java:207)
    at org.eclipse.jetty.client.util.AbstractRequestContent$AbstractSubscription.processContent(AbstractRequestContent.java:181)
    at org.eclipse.jetty.client.util.BytesRequestContent$SubscriptionImpl.produceContent(BytesRequestContent.java:83)
    at org.eclipse.jetty.client.util.AbstractRequestContent$AbstractSubscription.produce(AbstractRequestContent.java:117)
    at org.eclipse.jetty.client.util.AbstractRequestContent$AbstractSubscription.demand(AbstractRequestContent.java:93)
    at org.eclipse.jetty.client.HttpSender.demand(HttpSender.java:237)
    at org.eclipse.jetty.client.HttpSender.send(HttpSender.java:83)
    at org.eclipse.jetty.client.http.HttpChannelOverHTTP.send(HttpChannelOverHTTP.java:80)
    at org.eclipse.jetty.client.HttpChannel.send(HttpChannel.java:122)
    at org.eclipse.jetty.client.HttpConnection.send(HttpConnection.java:111)
    at org.eclipse.jetty.client.http.HttpConnectionOverHTTP$Delegate.send(HttpConnectionOverHTTP.java:301)
    at org.eclipse.jetty.client.http.HttpConnectionOverHTTP.send(HttpConnectionOverHTTP.java:146)
    at org.eclipse.jetty.client.HttpDestination.send(HttpDestination.java:440)
    at org.eclipse.jetty.client.HttpDestination.process(HttpDestination.java:416)
    at org.eclipse.jetty.client.HttpDestination.process(HttpDestination.java:371)
    at org.eclipse.jetty.client.HttpDestination.send(HttpDestination.java:354)
    at org.eclipse.jetty.client.HttpDestination.send(HttpDestination.java:348)
    at org.eclipse.jetty.client.HttpDestination.send(HttpDestination.java:325)
    at org.eclipse.jetty.client.HttpDestination.send(HttpDestination.java:304)
    at org.eclipse.jetty.client.HttpClient.send(HttpClient.java:591)
    at org.eclipse.jetty.client.HttpRequest.sendAsync(HttpRequest.java:819)
    at org.eclipse.jetty.client.HttpRequest.send(HttpRequest.java:807)
    at io.airlift.http.client.jetty.JettyHttpClient.execute(JettyHttpClient.java:578)
    at io.trino.server.security.oauth2.NimbusAirliftHttpClient.execute(NimbusAirliftHttpClient.java:102)
    at io.trino.server.security.oauth2.NimbusOAuth2Client.queryUserInfo(NimbusOAuth2Client.java:379)
    at io.trino.server.security.oauth2.NimbusOAuth2Client.getJWTClaimsSet(NimbusOAuth2Client.java:371)
    at io.trino.server.security.oauth2.NimbusOAuth2Client$OAuth2WithOidcExtensionsCodeFlow.toResponse(NimbusOAuth2Client.java:303)
    at io.trino.server.security.oauth2.NimbusOAuth2Client$OAuth2WithOidcExtensionsCodeFlow.getOAuth2Response(NimbusOAuth2Client.java:285)
    at io.trino.server.security.oauth2.NimbusOAuth2Client.getOAuth2Response(NimbusOAuth2Client.java:168)
    at io.trino.server.security.oauth2.OAuth2Service.finishOAuth2Challenge(OAuth2Service.java:169)
    at io.trino.server.security.oauth2.OAuth2CallbackResource.callback(OAuth2CallbackResource.java:71)

Description

Additional context and related issues

Release notes

( ) This is not user-visible or is docs only, and no release notes are required.
( ) Release notes are required. Please propose a release note for me.
( ) Release notes are required, with the following suggested text:

# Section
* Fix some things. ({issue}`issuenumber`)

For some of the identity providers the default buffer sizes are too small to work out of the box, when authentication tokens size exceeds the default request buffer size of 4KB. In these cases the default configuration will fail with: ``` io.trino.server.security.oauth2.NimbusAirliftHttpClient Received bad response from endpoint java.lang.IllegalArgumentException: Request header too large at org.eclipse.jetty.client.http.HttpSenderOverHTTP$HeadersCallback.process(HttpSenderOverHTTP.java:182) at org.eclipse.jetty.util.IteratingCallback.processing(IteratingCallback.java:232) at org.eclipse.jetty.util.IteratingCallback.iterate(IteratingCallback.java:214) at org.eclipse.jetty.client.http.HttpSenderOverHTTP.sendHeaders(HttpSenderOverHTTP.java:79) at org.eclipse.jetty.client.HttpSender$ContentConsumer.onContent(HttpSender.java:496) at org.eclipse.jetty.client.util.AbstractRequestContent$AbstractSubscription.notifyContent(AbstractRequestContent.java:207) at org.eclipse.jetty.client.util.AbstractRequestContent$AbstractSubscription.processContent(AbstractRequestContent.java:181) at org.eclipse.jetty.client.util.BytesRequestContent$SubscriptionImpl.produceContent(BytesRequestContent.java:83) at org.eclipse.jetty.client.util.AbstractRequestContent$AbstractSubscription.produce(AbstractRequestContent.java:117) at org.eclipse.jetty.client.util.AbstractRequestContent$AbstractSubscription.demand(AbstractRequestContent.java:93) at org.eclipse.jetty.client.HttpSender.demand(HttpSender.java:237) at org.eclipse.jetty.client.HttpSender.send(HttpSender.java:83) at org.eclipse.jetty.client.http.HttpChannelOverHTTP.send(HttpChannelOverHTTP.java:80) at org.eclipse.jetty.client.HttpChannel.send(HttpChannel.java:122) at org.eclipse.jetty.client.HttpConnection.send(HttpConnection.java:111) at org.eclipse.jetty.client.http.HttpConnectionOverHTTP$Delegate.send(HttpConnectionOverHTTP.java:301) at org.eclipse.jetty.client.http.HttpConnectionOverHTTP.send(HttpConnectionOverHTTP.java:146) at org.eclipse.jetty.client.HttpDestination.send(HttpDestination.java:440) at org.eclipse.jetty.client.HttpDestination.process(HttpDestination.java:416) at org.eclipse.jetty.client.HttpDestination.process(HttpDestination.java:371) at org.eclipse.jetty.client.HttpDestination.send(HttpDestination.java:354) at org.eclipse.jetty.client.HttpDestination.send(HttpDestination.java:348) at org.eclipse.jetty.client.HttpDestination.send(HttpDestination.java:325) at org.eclipse.jetty.client.HttpDestination.send(HttpDestination.java:304) at org.eclipse.jetty.client.HttpClient.send(HttpClient.java:591) at org.eclipse.jetty.client.HttpRequest.sendAsync(HttpRequest.java:819) at org.eclipse.jetty.client.HttpRequest.send(HttpRequest.java:807) at io.airlift.http.client.jetty.JettyHttpClient.execute(JettyHttpClient.java:578) at io.trino.server.security.oauth2.NimbusAirliftHttpClient.execute(NimbusAirliftHttpClient.java:102) at io.trino.server.security.oauth2.NimbusOAuth2Client.queryUserInfo(NimbusOAuth2Client.java:379) at io.trino.server.security.oauth2.NimbusOAuth2Client.getJWTClaimsSet(NimbusOAuth2Client.java:371) at io.trino.server.security.oauth2.NimbusOAuth2Client$OAuth2WithOidcExtensionsCodeFlow.toResponse(NimbusOAuth2Client.java:303) at io.trino.server.security.oauth2.NimbusOAuth2Client$OAuth2WithOidcExtensionsCodeFlow.getOAuth2Response(NimbusOAuth2Client.java:285) at io.trino.server.security.oauth2.NimbusOAuth2Client.getOAuth2Response(NimbusOAuth2Client.java:168) at io.trino.server.security.oauth2.OAuth2Service.finishOAuth2Challenge(OAuth2Service.java:169) at io.trino.server.security.oauth2.OAuth2CallbackResource.callback(OAuth2CallbackResource.java:71) ```

wendigo requested review from dain and lukasz-walkiewicz August 28, 2023 13:15

cla-bot bot added the cla-signed label Aug 28, 2023

kokosing approved these changes Aug 28, 2023

View reviewed changes

lukasz-walkiewicz approved these changes Aug 28, 2023

View reviewed changes

wendigo merged commit aa5d49a into trinodb:master Aug 28, 2023

github-actions bot added this to the 426 milestone Aug 28, 2023

colebow mentioned this pull request Aug 30, 2023

Add Trino 426 release notes #18867

Merged

wendigo deleted the serafin/default-oauth2-config branch January 21, 2025 11:54

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Increase default response/request buffer size for OAuth2 client #18836

Increase default response/request buffer size for OAuth2 client #18836

wendigo commented Aug 28, 2023

Increase default response/request buffer size for OAuth2 client #18836

Increase default response/request buffer size for OAuth2 client #18836

Conversation

wendigo commented Aug 28, 2023

Description

Additional context and related issues

Release notes