These classes should use reasonable default timeouts to avoid the possibility of a connection hanging.
A default RestTemplate with no timeout configured is used.
We had network issues recently and saw hung threads in these classes due to the connections never being released.
Since both of these classes rely on nimbus, perhaps the nimbus timeout settings could be re-used?
After researching this a bit, it does seem I could configure this at the JVM by setting
-Dsun.net.client.defaultConnectTimeout=
-Dsun.net.client.defaultReadTimeout=
but that's more broad than I would prefer.
Expected Behavior
These classes should use reasonable default timeouts to avoid the possibility of a connection hanging.
Current Behavior
A default RestTemplate with no timeout configured is used.
https://github.com/spring-projects/spring-security/blob/6.2.0/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtDecoderProviderConfigurationUtils.java#L66
https://github.com/spring-projects/spring-security/blob/6.2.0/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoder.java#L271
Context
We had network issues recently and saw hung threads in these classes due to the connections never being released.
It appears that nimbus sets a default timeout on http connections they make: https://www.javadoc.io/static/com.nimbusds/nimbus-jose-jwt/9.37.3/com/nimbusds/jose/jwk/source/JWKSourceBuilder.html#DEFAULT_HTTP_CONNECT_TIMEOUT
Since both of these classes rely on nimbus, perhaps the nimbus timeout settings could be re-used?
After researching this a bit, it does seem I could configure this at the JVM by setting
but that's more broad than I would prefer.