Open sergei-maertens opened 7 months ago
Seems legit for the handling of the application/jwt
content-type.
We stumbled on this issue where JWT content was in binary/byte array form, and the userinfo
response was impossible to decode (because not in standard JSON).
Closes #517
This is an initial draft to spark discussion about implementation details.
Changes:
application/jwt
processing in the userinfo endpointTopics to discuss:
none
?parse_www_authenticate_header
for the content type header processing, but it kinda borks on a value likeapplication/json; charset=utf-8
, so instead I use the (private) utility from therequests
library which can be controversial. I don't trust myself enough to correctly and safely parse HTTP headers :grimacing: