From: Roman K. <ro...@un...> - 2023-05-02 09:53:37
Hello Sander,

Krzysztof is out of the office for some time, so let me address your question.

The "Accept" header is used by the client to indicate the MIME types of content that the client is able to understand and process. The purpose of the "Accept" header is to allow the client to negotiate with the server and receive content in a format that it can handle. The implementation of JWK produces data in "application/jwk-set+json" MIME type, thus the problem. This type was explicitly set by Krzysztof, likely based on RFC <https://www.rfc-editor.org/rfc/rfc7517> (likely, because he is not here to confirm).

I'm not aware of any workaround that could be applied at Unity site to overcome this issue.

Best regards,
Roman

On Wed, 26 Apr 2023 at 11:55, Sander Apweiler <sa....@fz...> wrote:

> Hi Krzysztof,
> we have got an OIDC client which has some trouble in the integration. The
> used software eduMEET adds an "Accept: application/json" header to
> communication with jwk endpoint. Testing it with curl commands it seems
> that unity does not support this:
>
> with Accept-Header:
> % curl -i -H "Accept: application/json"
> 'https://login-dev.helmholtz.de/oauth2/jwk'
> HTTP/1.1 400 Bad Request
> Date: Tue, 25 Apr 2023 19:02:21 GMT
> Strict-Transport-Security: max-age=31536000; includeSubDomains
> X-Frame-Options: DENY
> Content-Type: application/json
> Content-Length: 91
>
> {"error_description":"Unexpected server error; Server engine
> error","error":"server_error"}
>
>
> without Accept-Header:
>
> % curl -i 'https://login-dev.helmholtz.de/oauth2/jwk'
> HTTP/1.1 200 OK
> Date: Tue, 25 Apr 2023 19:02:43 GMT
> Strict-Transport-Security: max-age=31536000; includeSubDomains
> X-Frame-Options: DENY
> Content-Type: application/jwk-set+json;charset=UTF-8
> Vary: Accept-Encoding
> Content-Length: 396
>
> {"keys":[{"kty":"RSA","e":"AQAB","use":"sig","n":"ni4t9tzJ8rjkw_FvIGdDI
> _iiZC-
> w2JthaNHcvN1B8tzGm2wdhp2f5ujlvI68Q2NMrzfF2aeS02nhs9PJ8FoBT53bRUJ9h5vFzQ
> 4X0cRT8s1A4Ya_Ejs2xbJbBitvs4GwtNId8PnJGqI_BpAZQ26IMXXWpaL46N4vnnCb2p8yb
> uL-
> HOhAjNQS2gOnQ5djxow4yjkYPgF3YaoQ8AI8CrE3KuOJInTdGl_E4pauV5Zc_My9ZiKPhmC
> u4xTNuHrIJAuUWZl8xnHLoANJAV5iMVVrm9xEVC5P6JOjuRxrLG37iV2YitCnUDwBY84bNI
> nZSKuQhVjc2qyfbguJ-HCD5U17fQ"}]}
>
> Is this intended by you and do you have any idea of a workaround to
> integrate the software?
>
> I didn't find something in the unity manual about this issue and it
> seems that the OIDC standard did not cover this in the token
> validation.
>
> Best regards,
> Sander
>
> --
> Federated Systems and Data
> Juelich Supercomputing Centre
>
> phone: +49 2461 61 8847
> fax: +49 2461 61 6656
> email: sa....@fz...