diff --git a/core/lib/oauth/client.js b/core/lib/oauth/client.js
index 52c51eb6ff422dc0899ccec31baf3fa39e42eeae..472772cfefc2c2947536d6a22b022c2f9c27c61f 100644
--- a/core/lib/oauth/client.js
+++ b/core/lib/oauth/client.js
@@ -5,9 +5,73 @@ Object.defineProperty(exports, "__esModule", {
 });
 exports.openidClient = openidClient;
 var _openidClient = require("openid-client");
+var httpProxyAgent = require("https-proxy-agent");
+
+function isGlobMatch(str, pattern) {
+ if (pattern === '*') return true;
+ if (pattern === str) return true;
+ if (pattern.startsWith('*')) {
+ var suffix = pattern.slice(1);
+ return str.endsWith(suffix) || str === suffix.replace(/^\./, '');
+ }
+ if (pattern.endsWith('*')) {
+ var prefix = pattern.slice(0, -1);
+ return str.startsWith(prefix);
+ }
+ return false;
+}
+
+function isUrlMatchingNoProxy(subjectUrl, noProxy) {
+ if (!noProxy) return false;
+
+ var subjectUrlTokens;
+ try {
+ subjectUrlTokens = new URL(subjectUrl);
+ } catch (e) {
+ return false;
+ }
+
+ var rules = noProxy.split(/[\s,]+/).filter(function(r) { return r.length > 0; });
+
+ for (var i = 0; i < rules.length; i++) {
+ var rule = rules[i];
+ var normalizedRule = rule.replace(/^\./, '*');
+ var ruleMatch = normalizedRule.match(/^(.+?)(?::(\d+))?$/);
+
+ if (!ruleMatch || !ruleMatch[1]) {
+ continue;
+ }
+
+ var ruleHostname = ruleMatch[1].toLowerCase();
+ var rulePort = ruleMatch[2];
+ var subjectHostname = subjectUrlTokens.hostname.toLowerCase();
+ var subjectPort = subjectUrlTokens.port;
+
+ var hostnameIsMatch = isGlobMatch(subjectHostname, ruleHostname);
+ var portIsMatch = !rulePort || (subjectPort && subjectPort === rulePort);
+
+ if (hostnameIsMatch && portIsMatch) {
+ return true;
+ }
+ }
+
+ return false;
+}
+
 async function openidClient(options) {
 const provider = options.provider;
- if (provider.httpOptions) _openidClient.custom.setHttpOptionsDefaults(provider.httpOptions);
+ let httpOptions = {};
+ if (provider.httpOptions) httpOptions = { ...provider.httpOptions };
+
+ const proxyUrl = process.env.HTTPS_PROXY || process.env.HTTP_PROXY || process.env.https_proxy || process.env.http_proxy;
+ const noProxy = process.env.NO_PROXY || process.env.no_proxy || '';
+
+ if (proxyUrl && provider.wellKnown && !isUrlMatchingNoProxy(provider.wellKnown, noProxy)) {
+ const agent = new httpProxyAgent.HttpsProxyAgent(proxyUrl);
+ httpOptions.agent = agent;
+ }
+
+ _openidClient.custom.setHttpOptionsDefaults(httpOptions);
 let issuer;
 if (provider.wellKnown) {
 issuer = await _openidClient.Issuer.discover(provider.wellKnown);
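Review bot: In isUrlMatchingNoProxy, a NO_PROXY rule that carries a port (a constructed example: `idp.internal:443`) never matches a URL on the scheme's default port, because `subjectUrlTokens.port` is the empty string for `https://idp.internal/...` and `portIsMatch` then requires a non-empty port, so such hosts are still sent through the proxy. Deriving the effective port from the scheme fixes it: `var subjectPort = subjectUrlTokens.port || ({ 'https:': '443', 'http:': '80' }[subjectUrlTokens.protocol] || '');`. Separately, the NO_PROXY decision is made only against provider.wellKnown, yet the agent is installed through setHttpOptionsDefaults, which — if it is a library-wide default as its name suggests — also applies to the token, userinfo and jwks requests, whose hosts may differ from the discovery host; a comment such as `// NOTE: agent applies to every openid-client request, not only discovery` or a per-endpoint check once the issuer metadata is known would make that explicit. Stylistically the two new helpers use `var` and an anonymous `function(r)` while the rest of the hunk uses `const`/`let` and spread; matching the latter would keep the file consistent. openidClient's body continues past the end of the hunk.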