OpenID: HTTP 406 error for userinfo endpoint

By: Leor Barth user 31 Jul 2017 at 3:16 a.m. CDT

4 Responses
Leor Barth gravatar
We are getting HTTP error code 406 when accessing the /userinfo endpoint. This happens when the Accept header is set to application/json. Changing the Accept header to application/* results in "200 OK" response. This seems strange since the Content-Type of the "200 OK" response is application/json! Client library is IdentityModel/OidcClient2. CURL dump: 1. Sending request to userinfo endpoint with accept header set to application/json results in HTTP error 406 ``` > curl -k -v -X GET https://id.priority-software.com/oxauth/seam/resource/restv1/oxauth/userinfo -H "accept: application/json" -H "authorization: Bearer 06641108-bcd2-4f98-84ec-d5f2180f9b07" > GET /oxauth/seam/resource/restv1/oxauth/userinfo HTTP/1.1 > User-Agent: curl/7.36.0 > Host: id.priority-software.com > accept: application/json > authorization: Bearer 06641108-bcd2-4f98-84ec-d5f2180f9b07 > < HTTP/1.1 406 No match for accept header < Date: Mon, 31 Jul 2017 07:37:15 GMT < Server: Jetty(9.3.15.v20161220) < X-Xss-Protection: 1; mode=block < X-Content-Type-Options: nosniff < Strict-Transport-Security: max-age=31536000; includeSubDomains < Cache-Control: must-revalidate,no-cache,no-store < Set-Cookie: JSESSIONID=1dxdfv24szvyz14cl01ydhl328;Path=/oxauth;Secure;HttpOnly < Access-Control-Allow-Origin: * < Transfer-Encoding: chunked < ``` 2. When changing accept header to application/*, works fine: ``` >curl -k -v -X GET https://id.priority-software.com/oxauth/seam/resource/restv1/oxauth/userinfo -H "accept: application/*" -H "authorization: Bearer 06641108-bcd2-4f98-84ec-d5f2180f9b07" > GET /oxauth/seam/resource/restv1/oxauth/userinfo HTTP/1.1 > User-Agent: curl/7.36.0 > Host: id.priority-software.com > accept: application/* > authorization: Bearer 06641108-bcd2-4f98-84ec-d5f2180f9b07 > < HTTP/1.1 200 OK < Date: Mon, 31 Jul 2017 07:37:25 GMT < Server: Jetty(9.3.15.v20161220) < X-Xss-Protection: 1; mode=block < X-Content-Type-Options: nosniff < Strict-Transport-Security: max-age=31536000; includeSubDomains < Expires: Thu, 01 Jan 1970 00:00:00 GMT < Content-Type: application/json;charset=UTF-8 < Cache-Control: no-store, private < Pragma: no-cache < Set-Cookie: JSESSIONID=rljw6a2d0n2q1oxnl3fqs0mh;Path=/oxauth;Secure;HttpOnly < Access-Control-Allow-Origin: * < Transfer-Encoding: chunked < {"sub":"0Hv6cGL6LMlVwrkd02BlGjiDBhcYK_m_AyRvkv-VjNw","name":"Alice","given_name":"Alice","family_name":"Abramov","email":"alice@gmail.com"} ``` Note: Duplicate ticket https://support.gluu.org/authentication/4140/openid-userinfo-endpoint-406-error/ seems not to have been resolved. Thanks! ~ Leor.
U1404
closed

Answers

By Gerald Haesendonck user 02 Aug 2017 at 7:55 a.m. CDT

Copy
Gerald Haesendonck gravatar
We experience the exact same problem with other libraries, like [Spring Security](https://projects.spring.io/spring-security-oauth/) and the [OpenId Connect Drupal module](https://www.drupal.org/project/openid_connect), which also set the accept header to `application/json`.

By Michael Schwartz Account Admin 06 Aug 2017 at 11:07 p.m. CDT

Copy
Michael Schwartz gravatar
We will patch this...

By Leor Barth user 07 Aug 2017 at 1:35 a.m. CDT

Copy
Leor Barth gravatar
Awesome, thanks!

By Mohib Zico Account Admin 06 Sep 2017 at 8:27 a.m. CDT

Copy
Mohib Zico gravatar
[Here](https://github.com/GluuFederation/oxAuth/issues/635) is the github issue to track.

Post an answer