Accept JSON on OAuth JWK endpoint#117
Conversation
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (2)
📝 WalkthroughWalkthroughThe JWK endpoint now advertises JOSE JWK set and JSON media types. The exception mapper preserves responses from ChangesOAuth response handling
Estimated code review effort: 2 (Simple) | ~10 minutes 🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
|
I think the proposed change is good, but it is missing a fix for one important aspect: error returned in case when requested mime type is unsupported should be 406. Also adding a test with really wrong mime type (and verifying an error) could be beneficial. |
|
Thanks, this was actionable. I added a follow-up that preserves Regression coverage was added for the mapper. I also verified the running TstServer endpoint:
Validation:
|
Summary
Accept
application/jsonon the OAuth JWK endpoint in addition to the standardapplication/jwk-set+jsonmedia type.Root cause
KeysResourcedeclared onlyapplication/jwk-set+json. CXF correctly rejectedAccept: application/jsonwith HTTP 406, but Unity's OAuth exception mapper converted that into a generic HTTP 400server_errorresponse.Fix
Declare
application/jsonas an additional produced representation while retaining the JWK-set media type for clients that request it.Tests
mvn -pl oauth -am -Dtest=DiscoveryResourceTest -Dsurefire.failIfNoSpecifiedTests=false -Dmaven.gitcommitid.skip=true test -Dgpg.skip=truefailed becauseapplication/jsonwas absent.mvn -pl oauth test -Dmaven.gitcommitid.skip=true -Dgpg.skip=truepassed (243 tests, 0 failures, 0 errors, 1 skipped).mvn -T 1C -pl integration-tests -am install -DskipTests -Dmaven.gitcommitid.skip=true -Dgpg.skip=truepassed./oauth2/jwkwithAccept: application/jsonnow returns 200 withContent-Type: application/json;Accept: application/jwk-set+jsonremains 200 withContent-Type: application/jwk-set+json;charset=UTF-8.git diff --checkpassed.coderabbit review --base upstream/dev --type committed --agentcompleted with 0 findings.Full repository test suite was not run.
Summary by CodeRabbit
Bug Fixes
application/json.Tests
@Producesmetadata includes both supported formats.