From c7c7ba517e0a8f489a18b7b9946238da1451054f Mon Sep 17 00:00:00 2001
From: Benoit Sepe <bsepe@twitter.com>
Date: Thu, 13 Feb 2020 17:06:05 +0000
Subject: [PATCH 1/2] feat: add proxy option to jwksClient

---
 README.md                 |  3 ++-
 index.d.ts                |  1 +
 src/JwksClient.js         |  3 ++-
 tests/jwksClient.tests.js | 46 ++++++++++++++++++++++++++++++++++++++-
 4 files changed, 50 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index 6d0e704..35b397f 100644
--- a/README.md
+++ b/README.md
@@ -19,7 +19,8 @@ const client = jwksClient({
   strictSsl: true, // Default value
   jwksUri: 'https://sandrino.auth0.com/.well-known/jwks.json',
   requestHeaders: {}, // Optional
-  requestAgentOptions: {} // Optional
+  requestAgentOptions: {}, // Optional
+  proxy: '[protocol]://[username]:[pass]@[address]:[port]', // Optional
 });
 
 const kid = 'RkI5MjI5OUY5ODc1N0Q4QzM0OUYzNkVGMTJDOUEzQkFCOTU3NjE2Rg';
diff --git a/index.d.ts b/index.d.ts
index 36d9781..c874b4b 100644
--- a/index.d.ts
+++ b/index.d.ts
@@ -22,6 +22,7 @@ declare namespace JwksRsa {
     cacheMaxEntries?: number;
     cacheMaxAge?: number;
     jwksRequestsPerMinute?: number;
+    proxy?: string;
     strictSsl?: boolean;
     requestHeaders?: Headers;
   }
diff --git a/src/JwksClient.js b/src/JwksClient.js
index 411b930..d8318e6 100644
--- a/src/JwksClient.js
+++ b/src/JwksClient.js
@@ -40,7 +40,8 @@ export class JwksClient {
       uri: this.options.jwksUri,
       strictSSL: this.options.strictSsl,
       headers: this.options.requestHeaders,
-      agentOptions: this.options.requestAgentOptions
+      agentOptions: this.options.requestAgentOptions,
+      proxy: this.options.proxy,
     }, (err, res) => {
       if (err || res.statusCode < 200 || res.statusCode >= 300) {
         this.logger('Failure:', res && res.body || err);
diff --git a/tests/jwksClient.tests.js b/tests/jwksClient.tests.js
index 075a96e..e69baa0 100644
--- a/tests/jwksClient.tests.js
+++ b/tests/jwksClient.tests.js
@@ -6,6 +6,7 @@ import { JwksClient } from "../src/JwksClient";
 
 describe("JwksClient", () => {
   const jwksHost = "http://my-authz-server";
+  const proxy = "my-proxy-server:2815";
 
   beforeEach(() => {
     nock.cleanAll();
@@ -182,8 +183,51 @@ describe("JwksClient", () => {
         done();
       });
     });
-  });
 
+    it("should add a proxy", done => {
+      nock(jwksHost)
+        .get("/.well-known/jwks.json")
+        .reply(function(uri, requestBody) {
+          expect(this.req.headers).not.to.be.null;
+          expect(this.req.headers["user-agent"]).to.be.equal("My-bot");
+          expect(Object.keys(this.req.headers).length).to.be.equal(3);
+          return (
+            200,
+            {
+              keys: [
+                {
+                  alg: "RS256",
+                  kty: "RSA",
+                  use: "sig",
+                  x5c: ["pk1"],
+                  kid: "ABC"
+                },
+                {
+                  alg: "RS256",
+                  kty: "RSA",
+                  use: "sig",
+                  x5c: [],
+                  kid: "123"
+                }
+              ]
+            }
+          );
+        });
+  
+      const client = new JwksClient({
+        jwksUri: `${jwksHost}/.well-known/jwks.json`,
+        requestHeaders: {
+          "User-Agent": "My-bot"
+        },
+        proxy: `http://username:password@${proxy}`,
+      });
+  
+      client.getKeys((err, keys) => {
+        done();
+      });
+    });
+  });
+  
   describe("#getSigningKeys", () => {
     it("should handle errors", done => {
       nock(jwksHost)

From bc915d761b4c33d9a522ac541dca58f2e7ade03d Mon Sep 17 00:00:00 2001
From: Benoit Sepe <bsepe@twitter.com>
Date: Mon, 17 Feb 2020 13:09:10 +0000
Subject: [PATCH 2/2] test: better testing for proxy

---
 tests/jwksClient.tests.js | 37 +++++++------------------------------
 1 file changed, 7 insertions(+), 30 deletions(-)

diff --git a/tests/jwksClient.tests.js b/tests/jwksClient.tests.js
index e69baa0..c9522c7 100644
--- a/tests/jwksClient.tests.js
+++ b/tests/jwksClient.tests.js
@@ -184,35 +184,11 @@ describe("JwksClient", () => {
       });
     });
 
-    it("should add a proxy", done => {
-      nock(jwksHost)
-        .get("/.well-known/jwks.json")
-        .reply(function(uri, requestBody) {
-          expect(this.req.headers).not.to.be.null;
-          expect(this.req.headers["user-agent"]).to.be.equal("My-bot");
-          expect(Object.keys(this.req.headers).length).to.be.equal(3);
-          return (
-            200,
-            {
-              keys: [
-                {
-                  alg: "RS256",
-                  kty: "RSA",
-                  use: "sig",
-                  x5c: ["pk1"],
-                  kid: "ABC"
-                },
-                {
-                  alg: "RS256",
-                  kty: "RSA",
-                  use: "sig",
-                  x5c: [],
-                  kid: "123"
-                }
-              ]
-            }
-          );
-        });
+    it("should use a proxy if specified", done => {
+      const expectedError = { message: 'expectedError' };
+      nock(`http://${proxy}`)
+        .get(() => true)
+        .replyWithError(expectedError);
   
       const client = new JwksClient({
         jwksUri: `${jwksHost}/.well-known/jwks.json`,
@@ -222,7 +198,8 @@ describe("JwksClient", () => {
         proxy: `http://username:password@${proxy}`,
       });
   
-      client.getKeys((err, keys) => {
+      client.getKeys((err) => {
+        expect(err).to.equal(expectedError);
         done();
       });
     });