fix: Allow user-configurable OIDC timeout (#7496)

This commit is contained in:
Xavier L.
2026-04-20 23:22:36 -04:00
committed by GitHub
parent 83bc2f3889
commit c9a0cac055
3 changed files with 7 additions and 3 deletions


@@ -114,6 +114,7 @@ For usage, see [Usage - OpenID Connect](../authentication/oidc-v2.md)
| OIDC_GROUPS_CLAIM | groups | Optional if not using `OIDC_USER_GROUP` or `OIDC_ADMIN_GROUP`. This is the claim Mealie will request from your IdP and will use to compare to `OIDC_USER_GROUP` or `OIDC_ADMIN_GROUP` to allow the user to log in to Mealie or is set as an admin. **Your IdP must be configured to grant this claim** | | OIDC_GROUPS_CLAIM | groups | Optional if not using `OIDC_USER_GROUP` or `OIDC_ADMIN_GROUP`. This is the claim Mealie will request from your IdP and will use to compare to `OIDC_USER_GROUP` or `OIDC_ADMIN_GROUP` to allow the user to log in to Mealie or is set as an admin. **Your IdP must be configured to grant this claim** |
| OIDC_SCOPES_OVERRIDE | None | Advanced configuration used to override the scopes requested from the IdP. **Most users won't need to change this**. At a minimum, 'openid profile email' are required. | | OIDC_SCOPES_OVERRIDE | None | Advanced configuration used to override the scopes requested from the IdP. **Most users won't need to change this**. At a minimum, 'openid profile email' are required. |
| OIDC_TLS_CACERTFILE | None | File path to Certificate Authority used to verify server certificate (e.g. `/path/to/ca.crt`) | | OIDC_TLS_CACERTFILE | None | File path to Certificate Authority used to verify server certificate (e.g. `/path/to/ca.crt`) |
| OIDC_CLIENT_TIMEOUT | default | Configures the timeout value of the httpx client used for OIDC communications. If set to the string `default`, does not configure the value (uses the library's default of 5.0s). If set to the string `None`, disables the timeout entirely. If set to a numeric value, uses that as the timeout. |
### OpenAI ### OpenAI


@@ -3,7 +3,7 @@ import os
import secrets import secrets
from datetime import UTC, datetime from datetime import UTC, datetime
from pathlib import Path from pathlib import Path
from typing import Annotated, Any, NamedTuple from typing import Annotated, Any, Literal, NamedTuple
from dateutil.tz import tzlocal from dateutil.tz import tzlocal
from pydantic import PlainSerializer, field_validator from pydantic import PlainSerializer, field_validator
@@ -349,6 +349,7 @@ class AppSettings(AppLoggingSettings):
OIDC_GROUPS_CLAIM: str | None = "groups" OIDC_GROUPS_CLAIM: str | None = "groups"
OIDC_SCOPES_OVERRIDE: str | None = None OIDC_SCOPES_OVERRIDE: str | None = None
OIDC_TLS_CACERTFILE: str | None = None OIDC_TLS_CACERTFILE: str | None = None
OIDC_CLIENT_TIMEOUT: float | Literal["None", "default"] = "default"
@property @property
def OIDC_REQUIRES_GROUP_CLAIM(self) -> bool: def OIDC_REQUIRES_GROUP_CLAIM(self) -> bool:
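Review bot: `OIDC_CLIENT_TIMEOUT` on line 33 accepts any float, so a zero or negative value passes settings validation and would presumably only surface when the HTTP client is built; constraining the numeric branch, e.g. `OIDC_CLIENT_TIMEOUT: Annotated[float, Field(gt=0)] | Literal["None", "default"] = "default"` (adding `Field` to the existing pydantic import), rejects that misconfiguration at startup. The `"None"` sentinel, which the docs describe as disabling the timeout entirely, deserves a why-comment on the field since an unbounded timeout lets a slow or unresponsive IdP hold a login request open indefinitely; something like `# "None" disables the httpx timeout entirely; prefer a bounded value in production.` The `AppSettings` class body continues outside the hunk.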


@@ -1,4 +1,4 @@
from typing import Annotated from typing import Annotated, Any
from authlib.integrations.starlette_client import OAuth from authlib.integrations.starlette_client import OAuth
from fastapi import APIRouter, Depends, Header, Request, Response, status from fastapi import APIRouter, Depends, Header, Request, Response, status
@@ -36,7 +36,9 @@ if settings.OIDC_READY:
else: else:
groups_claim = settings.OIDC_GROUPS_CLAIM if settings.OIDC_REQUIRES_GROUP_CLAIM else "" groups_claim = settings.OIDC_GROUPS_CLAIM if settings.OIDC_REQUIRES_GROUP_CLAIM else ""
scope = f"openid email profile {groups_claim}" scope = f"openid email profile {groups_claim}"
client_args = {"scope": scope.rstrip()} client_args: dict[str, Any] = {"scope": scope.rstrip()}
if settings.OIDC_CLIENT_TIMEOUT != "default":
client_args["timeout"] = settings.OIDC_CLIENT_TIMEOUT if settings.OIDC_CLIENT_TIMEOUT != "None" else None
if settings.OIDC_TLS_CACERTFILE: if settings.OIDC_TLS_CACERTFILE:
client_args["verify"] = settings.OIDC_TLS_CACERTFILE client_args["verify"] = settings.OIDC_TLS_CACERTFILE