jwks_uri endpoint returns content-type as "application/json" instead of "application/jwk+json" or "application/jwk-set+json" #39110

@RinkalBhojani

Description

Before reporting an issue

  • I have read and understood the above terms for submitting issues, and I understand that my issue may be closed without action if I do not follow them.

Area

oidc

Describe the bug

As per the current implementation, the jwks_uri endpoint returns the response header content-type as application/json. I am trying Keycloak as an external OIDC provider to perform an authorization code flow scenario in credo-ts.

Due to the "application/json" content type in the response header for jwks_uri, my flow is breaking, because credo-ts validates for the correct content type as per the specification.

I was referring to this - JWK spec.

Can someone guide me here on whether my point is valid or not?

Version

26.2.0

Regression

  • The issue is a regression

Expected behavior

The jwks_uri endpoint should return "application/jwk+json" or "application/jwk-set+json" as described in the spec - JWK spec

Actual behavior

The jwks_uri endpoint is returning "application/json" in the response header content-type.

How to Reproduce?

  1. Go to the .well-known configuration endpoint, e.g. http://localhost:8080/realms/test-demo-provider/.well-known/openid-configuration
  2. Under that we will find jwks_uri
  3. Open the jwks_uri endpoint in a browser or try to access it using an API. Below is an example of the endpoint:
    "jwks_uri": "http://localhost:8080/realms/test-demo-provider/protocol/openid-connect/certs"
  4. Check the response headers for content-type

Anything else?

No response
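
The header check from the reproduction steps, as an added example that is not part of the original issue and is not Keycloak or credo-ts code: it parses a Content-Type value and tests a jwks_uri response under a strict policy (only the two JWK media types named in the issue) and a lenient one (also `application/json`). The function names, the policy switch and the sample key are assumptions made for illustration.

```javascript
// Added example: names and sample values are hypothetical, not Keycloak or credo-ts code.
// Media types named in the issue, plus the generic one the endpoint is reported to send.
const JWK_TYPES = ["application/jwk+json", "application/jwk-set+json"];
const GENERIC_JSON = "application/json";

// Split a Content-Type header into a lowercased media type and its parameters.
function parseMediaType(header) {
  const [type, ...rest] = String(header || "").split(";");
  const params = {};
  for (const p of rest) {
    const i = p.indexOf("=");
    if (i < 1) continue; // skip malformed or empty parameters
    const name = p.slice(0, i).trim().toLowerCase();
    params[name] = p.slice(i + 1).trim().replace(/^"|"$/g, "");
  }
  return { type: type.trim().toLowerCase(), params };
}

// Check one jwks_uri response. strict=true accepts only the JWK media types;
// strict=false also accepts application/json. The body must be a JWK Set either way.
function checkJwksResponse(contentType, body, { strict = true } = {}) {
  const { type } = parseMediaType(contentType);
  const allowed = strict ? JWK_TYPES : [...JWK_TYPES, GENERIC_JSON];
  if (!allowed.includes(type)) {
    return { ok: false, reason: `unexpected content-type: ${type || "(none)"}` };
  }
  let doc;
  try {
    doc = JSON.parse(body);
  } catch {
    return { ok: false, reason: "body is not JSON" };
  }
  if (!doc || !Array.isArray(doc.keys)) {
    return { ok: false, reason: "body has no keys array" };
  }
  if (doc.keys.some((k) => !k || typeof k.kty !== "string")) {
    return { ok: false, reason: "key without kty" };
  }
  return { ok: true, type, keyCount: doc.keys.length };
}

// Constructed sample: the header value reported in the issue with a placeholder key.
const sampleBody = JSON.stringify({
  keys: [{ kty: "RSA", kid: "example-kid", use: "sig", n: "AQAB", e: "AQAB" }],
});
console.log(checkJwksResponse("application/json", sampleBody));
console.log(checkJwksResponse("application/json", sampleBody, { strict: false }));
console.log(checkJwksResponse("Application/JWK-Set+JSON; charset=UTF-8", sampleBody));
```

Whichever policy is used, the media type comparison is case-insensitive and ignores parameters such as `charset`, and the body is still checked for a `keys` array before any key is used.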
