Skip to content

feat: pass SSL/connect options through to Req in HTTP client #9

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
scrogson merged 2 commits into from
Feb 5, 2026
Merged

feat: pass SSL/connect options through to Req in HTTP client #9

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
2803498
feat: pass SSL/connect options through to Req in HTTP client
spunkedy Feb 5, 2026
059999b
docs: add comment clarifying Req 0.5.17 connect_options usage
spunkedy Feb 5, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
46 changes: 45 additions & 1 deletion lib/no_way_jose/jwks/http_client.ex
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,40 @@ defmodule NoWayJose.Jwks.HttpClient do
a custom implementation by passing the `:http_client` option to
`NoWayJose.start_jwks_fetcher/3`.

## Options

The following options are supported by the default implementation:

- `:timeout` - Connection and receive timeout in milliseconds (default: 30000)
- `:connect_options` - Options passed to `Req`'s `:connect_options`, including:
- `:transport_opts` - Options for the underlying socket, such as SSL settings

## SSL Configuration

To disable SSL certificate verification (useful for self-signed certificates
in development/staging environments):

NoWayJose.start_jwks_fetcher("auth0", url,
http_opts: [
connect_options: [
transport_opts: [verify: :verify_none]
]
]
)

To use a custom CA certificate:

NoWayJose.start_jwks_fetcher("auth0", url,
http_opts: [
connect_options: [
transport_opts: [
verify: :verify_peer,
cacertfile: "/path/to/ca-cert.pem"
]
]
]
)

## Custom Implementation

To implement a custom HTTP client:
Expand Down Expand Up @@ -59,8 +93,18 @@ defmodule NoWayJose.Jwks.HttpClient do

defp fetch_with_req(url, opts) do
timeout = Keyword.get(opts, :timeout, 30_000)
connect_options = Keyword.get(opts, :connect_options, [])

# Merge timeout into connect_options, preserving any user-provided options
connect_options = Keyword.put_new(connect_options, :timeout, timeout)

# Build Req options with connect_options (Req 0.5.17 doesn't support finch_options)
req_opts = [
receive_timeout: timeout,
connect_options: connect_options
]

case Req.get(url, receive_timeout: timeout, connect_options: [timeout: timeout]) do
case Req.get(url, req_opts) do
{:ok, %{status: 200, body: body}} when is_binary(body) ->
{:ok, body}

Expand Down
13 changes: 13 additions & 0 deletions test/no_way_jose_test.exs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -586,6 +586,19 @@ defmodule NoWayJoseTest do
end
end

# ============================================================
# HTTP Client tests
# ============================================================

describe "Jwks.HttpClient" do
@tag :integration
test "passes connect_options through to Req" do
opts = [connect_options: [transport_opts: [verify: :verify_none]]]
assert {:ok, body} = NoWayJose.Jwks.HttpClient.fetch("https://httpbin.org/get", opts)
assert is_binary(body)
end
end

# ============================================================
# Helper functions
# ============================================================
Expand Down