
Intermittent Azure AD discovery failures during cold start with lua-resty-openidc #540

@TickettEnterprises

Description


I have the following production environment setup:

  • openresty:alpine-fat docker image deployed to AWS App Runner
  • Nginx files using lua-resty-openidc.

When hitting the URL to the server, there is a cold start if the docker image hasn't been running for a while.
I sometimes get an `accessing discovery url (https://login.microsoftonline.com/organizations/v2.0/.well-known/openid-configuration) failed: network unreachable` error.
After a few seconds, I can refresh the page and the error is gone.
I also see the same error when using the docker image in Docker Desktop.

To get around this error, I've created a retry wrapper, passing in a delay and retry.

```lua
local openidc = require("resty.openidc")

local _M = {}

-- Retry openidc.authenticate up to max_retries times, sleeping retry_delay
-- seconds between attempts. Defaults (3 attempts, 1 second) are applied so a
-- missing or non-numeric argument does not raise a nil comparison error.
function _M.authenticate_with_retry(opts, max_retries, retry_delay)
  local res, err
  local attempts = 0
  max_retries = tonumber(max_retries) or 3
  retry_delay = tonumber(retry_delay) or 1

  while attempts < max_retries do
    res, err = openidc.authenticate(opts)
    if res then
      return res
    end
    attempts = attempts + 1
    if attempts < max_retries then
      ngx.log(ngx.NOTICE, "Authentication failed, attempt ", attempts, " of ", max_retries, ". Retrying in ", retry_delay, " seconds.")
      ngx.sleep(retry_delay)
    end
  end
  ngx.log(ngx.ERR, "Authentication failed after ", max_retries, " attempts: ", err)
  return nil, err
end

return _M
```

`res, err = _M.authenticate_with_retry(opts, max_retries, retry_delay)`

Is there any built in functionality that already handles this?
Or is this something we should raise a pull request to implement?

Thanks
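A variant of the wrapper above that retries only errors which look transient (such as the discovery fetch failing during cold start) and backs off exponentially, so that genuine authorization failures are surfaced immediately instead of being retried. This is an added example, not code from the issue or from lua-resty-openidc; the error-string patterns and the function name `authenticate_with_backoff` are assumptions.

```lua
-- Added example (not from the issue or lua-resty-openidc): retry
-- resty.openidc.authenticate only on transient errors, with capped
-- exponential backoff.
local openidc = require("resty.openidc")

local _M = {}

-- Substrings treated as transient. Assumption: the library reports
-- discovery/network failures with text like the message in the issue.
local TRANSIENT_PATTERNS = {
  "accessing discovery url",
  "network unreachable",
  "timeout",
  "connection refused",
}

local function is_transient(err)
  if type(err) ~= "string" then return false end
  for _, p in ipairs(TRANSIENT_PATTERNS) do
    if err:find(p, 1, true) then return true end
  end
  return false
end

-- opts: table passed to openidc.authenticate; max_retries: total attempts
-- (default 3); base_delay: seconds before the first retry (default 0.5),
-- doubled after each failure and capped at max_delay (default 5).
function _M.authenticate_with_backoff(opts, max_retries, base_delay, max_delay)
  max_retries = tonumber(max_retries) or 3
  local delay = tonumber(base_delay) or 0.5
  max_delay = tonumber(max_delay) or 5
  local res, err
  for attempt = 1, max_retries do
    res, err = openidc.authenticate(opts)
    if res then return res end
    -- Non-transient errors (bad token, access denied) are returned at once.
    if not is_transient(err) then
      ngx.log(ngx.ERR, "authenticate failed (not retrying): ", err)
      return nil, err
    end
    if attempt < max_retries then
      ngx.log(ngx.NOTICE, "transient error on attempt ", attempt, "/", max_retries,
        " (", err, "); retrying in ", delay, "s")
      ngx.sleep(delay)
      delay = math.min(delay * 2, max_delay)
    end
  end
  ngx.log(ngx.ERR, "authenticate failed after ", max_retries, " attempts: ", err)
  return nil, err
end

return _M
```

Call it from `access_by_lua_block` in place of `openidc.authenticate(opts)`; keep the total worst-case sleep below the upstream request timeout so a slow cold start does not turn into a gateway timeout.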
