neustar / tcs-apis

STIR/SHAKEN Authentication & Verification Service APIs
http://neustar.github.io/tcs-apis
MIT License

"Accept: text/plain" is accepted #162

Open di-shi opened 1 year ago

di-shi commented 1 year ago

According to RFC/ATIS/3GPP, the HTTP Accept header should be "application/json". But the test bed accepted "text/plain".

Tested on 1/24/2023.

di-shi commented 1 year ago

Tested on 1/24/2023.

kpolitz commented 1 year ago

Acknowledged. Table V.2.3.2-1 in Annex V indicates that Content-Type is mandatory in the request and shall be set to "application/json". Did you send a Content-Type of "text/plain" in your request? If so, what Content-Type value was returned and did you get a 200 OK signing or verification response? Please note that Neustar's general APIs do support Content-Types beyond "application/json".

di-shi commented 1 year ago

Each test case is used to test only one check point. For this case, all other contents are correct, including Content-Type, which is application/json, and 200 OK and the Identity header are received.

kpolitz commented 1 year ago

Please share the /signing request and response for this use case. Thanks.

di-shi commented 1 year ago

> Please share the /signing request and response for this use case. Thanks.

apiKey is removed

curl -i -k -s -X POST 'http://34.233.174.72:8000/stir/v1/signing?apiKey=XXXXXX' -H 'Content-Type: application/json' -H 'Accept: text/plain' -d '{"dest": {"tn": ["sip:+14045266060@example.com"]}, "iat": 1676565757, "orig": {"tn": "sip:+15551234567@example.com"}, "ppt": "shaken", "attest": "A", "origid": "98d09639-fbaf-11e7-9f54-000c29b1b39e"}'

HTTP/1.1 200 OK
Date: Thu, 16 Feb 2023 16:42:37 GMT
Server: WSGIServer/0.2 CPython/3.7.16
Content-Type: application/json
X-Frame-Options: DENY
Content-Length: 543
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin

{"identityHeader": "eyJhbGciOiJFUzI1NiIsInBwdCI6InNoYWtlbiIsInR5cCI6InBhc3Nwb3J0IiwieDV1IjoiaHR0cHM6Ly9jYS1jbXMubmV1c3RhcmxhYi5iaXovY2NpZC9hdXRobi92Mi9jZXJ0cy8xMTA0MS4xMDAzNyJ9.eyJhdHRlc3QiOiJBIiwiZGVzdCI6eyJ0biI6WyIxNDA0NTI2NjA2MCJdfSwiaWF0IjoxNjc2NTY1NzU3LCJvcmlnIjp7InRuIjoiMTU1NTEyMzQ1NjcifSwib3JpZ2lkIjoiOThkMDk2MzktZmJhZi0xMWU3LTlmNTQtMDAwYzI5YjFiMzllIn0.189xDzCg9wpIz9J53PnjTWy56VZVw2gQE4-Y0eyb4OQNNyVL5cksM5fzdEKJOSboswBQ1hwoHhnH4Q9h_F-aGw;info=<https://ca-cms.neustarlab.biz/ccid/authn/v2/certs/11041.10037>;alg=ES256;ppt=\"shaken\""}

kpolitz commented 1 year ago

Thanks for sharing. Per 3GPP, "Accept", if present, shall be set to "application/json". If entered as something else, then the group can discuss whether this should be a mandatory server validation.

kpolitz commented 1 year ago

To afford the most flexibility for server vendors, prefer not being too prescriptive as long as the expected or mandated inputs are supported. Can we close this Issue?