Open di-shi opened 1 year ago
Test on 1/24/2023.
Acknowledged. Table V.2.3.2-1 in Annex V indicates that Content-Type is mandatory in the request and shall be set to "application/json". Did you send a Content-Type of "text/plain" in your request? If so, what Content-Type value was returned and did you get a 200 OK signing or verification response? Please note that Neustar's general APIs do support Content-Types beyond "application/json".
Each test case is used to test only one check point. For this case, all other contents are correct including Content-Type is application/json, and 200 OK & Identity header are received.
Please share the /signing request and response for this use case. Thanks.
Please share the /signing request and response for this use case. Thanks.
apiKey is removed
curl -i -k -s -X POST http://34.233.174.72:8000/stir/v1/signing?apiKey=XXXXXX -H Content-Type: application/json -H Accept: text/plain -d {"dest": {"tn": ["sip:+14045266060@example.com"]}, "iat": 1676565757, "orig": {"tn": "sip:+15551234567@example.com"}, "ppt": "shaken", "attest": "A", "origid": "98d09639-fbaf-11e7-9f54-000c29b1b39e"}
HTTP/1.1 200 OK
Date: Thu, 16 Feb 2023 16:42:37 GMT
Server: WSGIServer/0.2 CPython/3.7.16
Content-Type: application/json
X-Frame-Options: DENY
Content-Length: 543
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin
{"identityHeader": "eyJhbGciOiJFUzI1NiIsInBwdCI6InNoYWtlbiIsInR5cCI6InBhc3Nwb3J0IiwieDV1IjoiaHR0cHM6Ly9jYS1jbXMubmV1c3RhcmxhYi5iaXovY2NpZC9hdXRobi92Mi9jZXJ0cy8xMTA0MS4xMDAzNyJ9.eyJhdHRlc3QiOiJBIiwiZGVzdCI6eyJ0biI6WyIxNDA0NTI2NjA2MCJdfSwiaWF0IjoxNjc2NTY1NzU3LCJvcmlnIjp7InRuIjoiMTU1NTEyMzQ1NjcifSwib3JpZ2lkIjoiOThkMDk2MzktZmJhZi0xMWU3LTlmNTQtMDAwYzI5YjFiMzllIn0.189xDzCg9wpIz9J53PnjTWy56VZVw2gQE4-Y0eyb4OQNNyVL5cksM5fzdEKJOSboswBQ1hwoHhnH4Q9h_F-aGw;info=<https://ca-cms.neustarlab.biz/ccid/authn/v2/certs/11041.10037>;alg=ES256;ppt=\"shaken\""}
Thanks for sharing. Per 3GPP, "Accept", if present, shall be set to "application/json". If entered as something else, then the group can discuss whether this should be a mandatory server validation.
To afford the most flexibility for server vendors, prefer not being too prescriptive as long as the expected or mandated inputs are supported. Can we close this Issue?
According to RFC/ATIS/3GPP, HTTP Accept header should be "application/json". But the test bed accepted "text/plain".
Tested on 1/24/2023.