go client library requests use content-type plain and fail

[mooreds]

go client library requests use content-type plain and fail

Description

Some requests with the go client library send the content type of text/plain which is rejected by FusionAuth.

Affects versions

1.39

Go client library reported to work fine with 1.38.1

Steps to reproduce

• use the go client library
• retrieve an application

See Invalid [Content-Type] HTTP request header value of [text/plain]. Supported values for this request include [application/json].

Expected behavior

The application is retrieved.

Community guidelines

All issues filed in this repository must abide by the FusionAuth community guidelines.

Additional context

Reported here: https://github.com/FusionAuth/go-client/issues/68

There are some other client libs that send a header with text/plain that should probably be examined:

$ fusionauth-client-builder % find . -type f|xargs grep 'plain'
./src/main/client/typescript.client.ftl:        .withHeader('Content-Type', 'text/plain')
./src/main/client/angular.client.ftl:        .withHeader('Content-Type', 'text/plain')
./src/main/client/go.client.ftl:  rc.WithHeader("Content-Type", "text/plain")
./src/main/client/javascript.client.ftl:          .header('Content-Type', 'text/plain')
./src/main/client/dart.client.ftl:        .withHeader('Content-Type', 'text/plain')

[robotdan]

Interesting. This is working as intended (per https://github.com/FusionAuth/fusionauth-issues/issues/604) - looks like we have bugs in our client libraries? We should never be sending a Content-Type of text/plain as far as I know.

[robotdan]

I think we added this a while back to fix some other issue...

For example, in dart.client.ftl, typescript.client.ftl, javascript.client.ftl and angular.client.ftl (which I thinks defunct?) we have this code:

[#if api.method == "post" && !formPost && !global.hasBodyParam(api.params![])]
  .withHeader('Content-Type', 'text/plain')
[/#if]

Go has a different code snippet rc.WithHeader("Content-Type", "text/plain") which looks to be added for all StartAnonymous which looks to be just plain incorrect. Maybe it was copied from another client library along the way?

I want to say for the JS based libs - perhaps we were trying to fix an issue with the browser fails to make a POST request w/out a body if there is no Content-Type header set.

I think ideally we'd remove any code that sets Content-Type: text/plain because it is not correct. But it could be that we have to figure out why it was put there initially and see if we can solve it a different way.

[robotdan]

Updated linked issue with a commit to the go client to see if that fixes it. Still need to look at the JavaScript ones to see if that is necessary.

• https://github.com/FusionAuth/go-client/issues/68

[theogravity]

I'm having this problem too with the FusionAuth plugin for pulumi I wrote. It uses https://github.com/gpsinsight/terraform-provider-fusionauth, which uses the go-client.

     Type                                            Name             Status                  Info
     pulumi:pulumi:Stack                             fusion-auth-dev  **failed**              1 error
 -   ├─ fusionauth:index:FusionAuthIdpOpenIdConnect  dev-azure-ad     **deleting failed**     1 error
 -   ├─ fusionauth:index:FusionAuthIdpOpenIdConnect  dev-slack        **deleting failed**     1 error
 -   └─ fusionauth:index:FusionAuthIdpOpenIdConnect  dev-gsuite       **deleting failed**     1 error
 
Diagnostics:
  fusionauth:index:FusionAuthIdpOpenIdConnect (dev-slack):
    error: deleting urn:pulumi:dev::fusion-auth::fusionauth:IdentityProviders$fusionauth:index/fusionAuthIdpOpenIdConnect:FusionAuthIdpOpenIdConnect::dev-slack: 1 error occurred:
    	* unexpected status code: 400(Bad Request) Errors: Invalid [Content-Type] HTTP request header value of [text/plain]. Supported values for this request include [application/json].
 
  fusionauth:index:FusionAuthIdpOpenIdConnect (dev-gsuite):
    error: deleting urn:pulumi:dev::fusion-auth::fusionauth:IdentityProviders$fusionauth:index/fusionAuthIdpOpenIdConnect:FusionAuthIdpOpenIdConnect::dev-gsuite: 1 error occurred:
    	* unexpected status code: 400(Bad Request) Errors: Invalid [Content-Type] HTTP request header value of [text/plain]. Supported values for this request include [application/json].
 
  fusionauth:index:FusionAuthIdpOpenIdConnect (dev-azure-ad):
    error: deleting urn:pulumi:dev::fusion-auth::fusionauth:IdentityProviders$fusionauth:index/fusionAuthIdpOpenIdConnect:FusionAuthIdpOpenIdConnect::dev-azure-ad: 1 error occurred:
    	* unexpected status code: 400(Bad Request) Errors: Invalid [Content-Type] HTTP request header value of [text/plain]. Supported values for this request include [application/json].

[mooreds]

@theogravity is the issue that the terraform client uses an old version of the go-client without the fix for https://github.com/FusionAuth/go-client/issues/68 ? it looks like it does here: https://github.com/gpsinsight/terraform-provider-fusionauth/blob/main/go.mod#L6

That would indicate we need to bump the version of the go-client that is used by the terraform provider, which will address your pulumi issue.

Does that make sense?

[theogravity]

It does and I may have already done this since I haven't been getting issues since the last time I updated the plug-in which was shortly after you merged in some PRs.