Description
Summary
The NimbusJwtDecoderJwkSupport is not able to retrieve the JWK Set because it gets an HTTP 406 (Not Accepted). It tries to retrieve it from an endpoint that only produces the media-type application/jwk-set+json. This media-type is the proper media-type for this kind of endpoint as specified in https://tools.ietf.org/html/rfc7517. This new behaviour is introduced around the release of version 5.1.
Actual Behavior
The NimbusJwtDecoderJwkSupport gets an HTTP 406 when trying to retrieve a JWK Set from an endpoint that only produces the media-type application/jwk-set+json.
Expected Behavior
The NimbusJwtDecoderJwkSupport gets an HTTP 200 when trying to retrieve a JWK Set from an endpoint that only produces the media-type 'application/jwk-set+json'.
Configuration
The endpoint produces only the media-type application/jwk-set+json. This looks like this in the code:
@GetMapping(value = "/jwk", produces = com.nimbusds.jose.jwk.JWKSet.MIME_TYPE)
Version
It seems the change in behaviour is introduced here:
16fe1c5 (line 183)
In this commit the RestOperationsResourceRetriever is introduced in the NimbusJwtDecoderJwkSupport class. Before this commit a DefaultResourceRetriever was used. The latter uses an HttpURLConnection to retrieve the JWK Set (WITHOUT an Accept request header). The former uses a RestOperations (WITH an Accept request header with the value 'application/json;charset=UTF-8').
Sample
I tried to find a public endpoint that only produces the media-type application/jwk-set+json. I was not able to find one and therefore I cannot provide a working sample to demonstrate this problem.
Proposed solution
Add the media-type 'application/jwk-set+json' to the Accept request header in the RestOperationsResourceRetriever.