From: Sander A. <sa....@fz...> - 2023-05-03 06:11:38

Hello Roman,

thank you very much for jumping in. Thanks also for the explanation. A workaround is not needed anymore. The service provider did an update of the underlying libraries and now it is working. I got the confirmation over the weekend and had no time to forward it.

Best regards,
Sander

On Tue, 2023-05-02 at 11:53 +0200, Roman Krysiński wrote:
> Hello Sander,
>
> Krzysztof is out of the office for some time, so let me address your
> question.
>
> The "Accept" header is used by the client to indicate the MIME types
> of content that the client is able to understand and process. The
> purpose of the "Accept" header is to allow the client to negotiate
> with the server and receive content in a format that it can handle.
> The implementation of JWK produces data in "application/jwk-set+json"
> MIME type, thus the problem. This type was explicitly set by
> Krzysztof, likely based on RFC (likely, because he is not here to
> confirm).
>
> I'm not aware of any workaround that could be applied at Unity site
> to overcome this issue.
>
> Best regards,
> Roman
>
>
> On Wed, 26 Apr 2023 at 11:55, Sander Apweiler <sa....@fz...> wrote:
> > Hi Krzysztof,
> > we have got an OIDC client which has some trouble in the integration.
> > The used software eduMEET adds an "Accept: application/json" header to
> > communication with jwk endpoint. Testing it with curl commands it
> > seems that unity does not support this:
> >
> > with Accept-Header:
> > % curl -i -H "Accept: application/json"
> > 'https://login-dev.helmholtz.de/oauth2/jwk'
> > HTTP/1.1 400 Bad Request
> > Date: Tue, 25 Apr 2023 19:02:21 GMT
> > Strict-Transport-Security: max-age=31536000; includeSubDomains
> > X-Frame-Options: DENY
> > Content-Type: application/json
> > Content-Length: 91
> >
> > {"error_description":"Unexpected server error; Server engine error","error":"server_error"}
> >
> >
> > without Accept-Header:
> >
> > % curl -i 'https://login-dev.helmholtz.de/oauth2/jwk'
> > HTTP/1.1 200 OK
> > Date: Tue, 25 Apr 2023 19:02:43 GMT
> > Strict-Transport-Security: max-age=31536000; includeSubDomains
> > X-Frame-Options: DENY
> > Content-Type: application/jwk-set+json;charset=UTF-8
> > Vary: Accept-Encoding
> > Content-Length: 396
> >
> > {"keys":[{"kty":"RSA","e":"AQAB","use":"sig","n":"ni4t9tzJ8rjkw_FvI
> > GdDI
> > _iiZC-
> > w2JthaNHcvN1B8tzGm2wdhp2f5ujlvI68Q2NMrzfF2aeS02nhs9PJ8FoBT53bRUJ9h5
> > vFzQ
> > 4X0cRT8s1A4Ya_Ejs2xbJbBitvs4GwtNId8PnJGqI_BpAZQ26IMXXWpaL46N4vnnCb2
> > p8yb
> > uL-
> > HOhAjNQS2gOnQ5djxow4yjkYPgF3YaoQ8AI8CrE3KuOJInTdGl_E4pauV5Zc_My9ZiK
> > PhmC
> > u4xTNuHrIJAuUWZl8xnHLoANJAV5iMVVrm9xEVC5P6JOjuRxrLG37iV2YitCnUDwBY8
> > 4bNI
> > nZSKuQhVjc2qyfbguJ-HCD5U17fQ"}]}
> >
> > Is this intended by you and do you have any idea of a workaround to
> > integrate the software?
> >
> > I didn't find something in the unity manual about this issue and it
> > seems that the OIDC standard did not cover this in the token
> > validation.
> >
> > Best regards,
> > Sander
> >

--
Federated Systems and Data
Juelich Supercomputing Centre
phone: +49 2461 61 8847
fax: +49 2461 61 6656
email: sa....@fz...
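The mismatch described in the quoted reply, as an added example that is not part of the original thread and is not Unity's or eduMEET's code: a small Accept-header matcher showing why `application/json` does not cover `application/jwk-set+json` under strict matching. The names `parse_accept`, `acceptable` and the `suffix_fallback` policy are assumptions made for illustration.

```python
# Added example (hypothetical names, not Unity's code): Accept matching for a JWK Set endpoint.

JWKS_TYPE = "application/jwk-set+json"  # type the endpoint produces (from the thread)


def parse_accept(header):
    """Return [(type, subtype, q)] for each media range in an Accept header."""
    ranges = []
    for item in header.split(","):
        parts = [p.strip() for p in item.split(";")]
        if not parts[0] or "/" not in parts[0]:
            continue  # skip empty or malformed media ranges
        mtype, subtype = parts[0].lower().split("/", 1)
        q = 1.0
        for param in parts[1:]:
            name, _, value = param.partition("=")
            if name.strip().lower() == "q":
                try:
                    q = float(value)
                except ValueError:
                    q = 0.0  # unparsable weight: treat as not acceptable
        ranges.append((mtype, subtype, q))
    return ranges


def acceptable(accept_header, produced=JWKS_TYPE, suffix_fallback=False):
    """True if `produced` satisfies the Accept header.

    suffix_fallback=True is an assumed lenient policy: a range such as
    application/json also accepts application/<anything>+json.
    """
    if accept_header is None or not accept_header.strip():
        return True  # no Accept header: any representation is acceptable
    ptype, psub = produced.lower().split("/", 1)
    best_q, best_spec = 0.0, -1
    for mtype, subtype, q in parse_accept(accept_header):
        if mtype == "*" and subtype == "*":
            spec = 0
        elif mtype == ptype and subtype == "*":
            spec = 1
        elif mtype == ptype and subtype == psub:
            spec = 3
        elif suffix_fallback and mtype == ptype and psub.endswith("+" + subtype):
            spec = 2
        else:
            continue
        if spec > best_spec:  # most specific matching range decides the weight
            best_spec, best_q = spec, q
    return best_q > 0
```

A client that lists both types, for example `Accept: application/jwk-set+json, application/json;q=0.9`, passes the strict check without relying on any server-side leniency.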