Sending an empty object body for GET, HEAD, or OPTIONS requests causes 403 from CloudFront

[jeffmay]

Checklist

• [x] I have looked into the README and have not found a suitable solution or answer.
• [x] I have looked into the documentation and have not found a suitable solution or answer.
• [x] I have searched the issues and have not found a suitable solution or answer.
• [x] I have upgraded to the latest version of this SDK and the issue still persists.
• [x] I have searched the Auth0 Community forums and have not found a suitable solution or answer.
• [x] I agree to the terms within the Auth0 Code of Conduct.

Description

The SDK will send an empty object {} for any request that has a parameters object that has all default / zero values.

CloudFront returns a 403 for GET, HEAD, and OPTIONS requests that do not have an empty body

When we use CloudFront for creating our custom domain, we are unable to configure the Management API URL to use the custom domain because of this issue.

The work-around is to update the code to detect when the parameters object has all zero values and then pass nil instead.

Expectation

Sending a GET request to an endpoint that does not require any parameters should work whether sending nil or the correct type parameters with zero values.

Reproduction

1. Setup a custom domain in CloudFront
2. Configure the Management API URL to use the custom domain
3. Make a call to list resources on the management API using a parameters object with all zero values
4. See a 403 response

Auth0 Go SDK version

v1.19.0

[developerkunal]

Hi @jeffmay,

I hope you're doing well!

I tried to reproduce the issue and found that GET and OPTIONS requests are indeed returning a 403 error. Could you clarify how HEAD is also affected, or share the steps to reproduce it? Once I can reproduce the behavior with HEAD as well, I'll be able to move forward with completing the PR review.