diff --git a/server/deviceflowhandlers.go b/server/deviceflowhandlers.go
index fb73f257..f8462902 100644
--- a/server/deviceflowhandlers.go
+++ b/server/deviceflowhandlers.go
@@ -141,6 +141,10 @@ func (s *Server) handleDeviceCode(w http.ResponseWriter, r *http.Request) {
 // https://tools.ietf.org/html/rfc8628#section-3.2
 w.Header().Set("Cache-Control", "no-store")
 
+ // Response type should be application/json according to
+ // https://datatracker.ietf.org/doc/html/rfc6749#section-5.1
+ w.Header().Set("Content-Type", "application/json")
+
 enc := json.NewEncoder(w)
 enc.SetEscapeHTML(false)
 enc.SetIndent("", " ")
diff --git a/server/deviceflowhandlers_test.go b/server/deviceflowhandlers_test.go
index c387af43..95ca46e0 100644
--- a/server/deviceflowhandlers_test.go
+++ b/server/deviceflowhandlers_test.go
@@ -52,6 +52,7 @@ func TestHandleDeviceCode(t *testing.T) {
 requestType string
 scopes []string
 expectedResponseCode int
+ expectedContentType string
 expectedServerResponse string
 }{
 {
@@ -60,6 +61,7 @@ func TestHandleDeviceCode(t *testing.T) {
 requestType: "POST",
 scopes: []string{"openid", "profile", "email"},
 expectedResponseCode: http.StatusOK,
+ expectedContentType: "application/json",
 },
 {
 testName: "Invalid request Type (GET)",
@@ -67,6 +69,7 @@ func TestHandleDeviceCode(t *testing.T) {
 requestType: "GET",
 scopes: []string{"openid", "profile", "email"},
 expectedResponseCode: http.StatusBadRequest,
+ expectedContentType: "application/json",
 },
 }
 for _, tc := range tests {
@@ -101,6 +104,10 @@ func TestHandleDeviceCode(t *testing.T) {
 t.Errorf("Unexpected Response Type. Expected %v got %v", tc.expectedResponseCode, rr.Code)
 }
 
+ if rr.Header().Get("content-type") != tc.expectedContentType {
+ t.Errorf("Unexpected Response Content Type. Expected %v got %v", tc.expectedContentType, rr.Header().Get("content-type"))
+ }
+
 body, err := io.ReadAll(rr.Body)
 if err != nil {
 t.Errorf("Could read token response %v", err)
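Review bot: The new comment above the `Content-Type` line cites RFC 6749 section 5.1, which describes the token endpoint response, while this handler emits the device authorization response; RFC 8628 section 3.2, already referenced two lines up, is the section that requires `application/json` here. I would reword it to `// The device authorization response body must be application/json, see https://tools.ietf.org/html/rfc8628#section-3.2`. It is also worth stating why the header is set explicitly: with `enc.SetEscapeHTML(false)` just below, leaving the type to net/http content sniffing would make the declared type depend on the body bytes. handleDeviceCode starts and ends outside this hunk, so whether its other branches set the same header cannot be checked from here.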
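Review bot: The assertion added in the `-101,6` hunk compares the raw header string with `tc.expectedContentType`, so it will fail as soon as the handler or a helper emits a parameter such as `application/json; charset=utf-8`. Comparing the parsed media type is sturdier: `mt, _, _ := mime.ParseMediaType(rr.Header().Get("Content-Type"))` followed by `if mt != tc.expectedContentType {`, with `mime` added to the test file's imports. The GET case in the `-67,6` hunk also expects `application/json` on the 400 response, but the handler hunk sets the header only next to the success-path encoder, so that expectation presumably relies on an error helper outside this diff; a short comment on that table entry saying where the type comes from would help the next reader.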