Closed matteo-s closed 6 months ago
https://www.iana.org/assignments/media-types/media-types.xhtml
includes both jose and JWT, I'm in favor to align to application/jwt
since jose includes also JWS using json serialization, while JWT only uses compact serialization
Verified with IPZS, uniformed use of application/jwt
for both SPID and CIE. fixed in https://github.com/italia/spid-cie-oidc-django/pull/291
The docs at https://docs.italia.it/italia/spid/spid-cie-oidc-docs/it/versione-corrente/userinfo_endpoint.html#response say that userinfo response content-type MUST be
application/jwt
for spid. For CIE I could not find any requirement.The current implementation always returns
application/jose
as type.https://github.com/italia/spid-cie-oidc-django/blob/2b0c2eff271ef290f90f62ba8b7a3d508b887543/spid_cie_oidc/provider/views/userinfo_endpoint.py#L105