Send Accept and Accept-Encoding headers to the IdP

[ryanwilliams83]

Fixes issue with Auth0 returning compressed responses

[lcrilly]

Thanks! We need to do some investigation and testing to see if the Accept-Encoding header is safe to use for all other IdPs. It might be that this is a tweak you need to maintain for Auth0 but will get back to you.

[ryanwilliams83]

Further investigation shows that Auth0 return responses with brolti compression.
The /_jwks_uri path will also need to set the Accept-Encoding header.

[tippexs]

Sorry for my late response to this. I have spent some time to investigate this. We are already using gzip compression in our current implementation:

https://github.com/nginxinc/nginx-openid-connect/blob/master/openid_connect.server_conf#L6

This will auto attach the Accept-Encoding header to the IdP Backend:

"POST /oauth/token HTTP/1.0^M Content-Type: application/x-www-form-urlencoded^M .... Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding: gzip, deflate Accept-Language: de-DE,de;q=0.9 

The response from Auth0 looks like this:

[debug] 21500#21500: *23 http proxy status 200 "200 OK" [debug] 21500#21500: *23 http proxy header: "Date: Wed, 13 Jan 2021 10:46:53 GMT" [debug] 21500#21500: *23 http proxy header: "Content-Type: application/json" ***** [debug] 21500#21500: *23 http proxy header: "CF-Ray: 610e89385a57fca1-VIE" [debug] 21500#21500: *23 http proxy header: "Cache-Control: no-store" [debug] 21500#21500: *23 http proxy header: "Content-Encoding: gzip" 

So Auth0 sends the content compressed using gzip.

The response will be JSON even without sending the Accept header. What was the exact reason sending this header to Auth0?

Let me know if you have any further questions.

[tippexs]

Closing due to inactivity.