Auth/jwt: 400 Bad Request Accept header is missing

vishpat · July 20, 2022, 8:53pm

I have enabled jwt auth on my dev vault instance

vault auth enable jwt
Success! Enabled jwt auth method at: jwt/

However, when I try to configure the jwks_url for the jwt auth I get the following error

➜ vault write auth/jwt/config jwks_url="<jwks_url>"

Error writing data to auth/jwt/config: Error making API request.

URL: PUT http://127.0.0.1:8200/v1/auth/jwt/config
Code: 400. Errors:

* error checking jwks URL: fetching keys oidc: get keys failed: 400 Bad Request Accept header is missing

How do I debug this?

vishpat · July 20, 2022, 8:53pm

➜ vault version
Vault v1.10.4 (6a1dde56c18c4a1be2756b931ce3c872d8ca5a76)

maxb · July 21, 2022, 6:21am

It’s telling you the URL you attempted to configure, returned

when Vault tried to access it.

It sounds like your identity provider software is opinionated about requiring an Accept header when accessing the URL you are trying to configure - but Vault doesn’t send one, and as far as I know, there’s no standard that says that it must.