R Soph

Reputation: 11

KRAKEND [JWTValidator] Unable to validate the token: should have a JSON content type for JWKS endpoint

I get the following error while evaluating KrakenD on macOS with the latest from brew...

[KRAKEND] 2022/09/20 - 11:51:32.488 ▶ ERROR [ENDPOINT: /geo/v1/countries][JWTValidator] Unable to validate the token: should have a JSON content type for JWKS endpoint

My JWKS from Keycloak running on AWS does seem to set the Content-Type properly, so I do not understand the issue...

{
  "$schema": "https://www.krakend.io/schema/v3.json",
  "version": 3,
  "name": "KrakenD - API Gateway",
  "extra_config": {
    "security/cors": {
      "allow_origins": [
        "*"
      ],
      "expose_headers": [
        "Content-Length",
        "Content-Type"
      ],
      "max_age": "12h",
      "allow_methods": [
        "GET",
        "HEAD"
      ]
    },
    "telemetry/logging": {
      "level": "DEBUG",
      "prefix": "[KRAKEND]",
      "syslog": false,
      "stdout": true
    }
  },
  "timeout": "3000ms",
  "cache_ttl": "300s",
  "output_encoding": "json",
  "endpoints": [
    {
      "endpoint": "/geo/v1/countries",
      "method": "GET",
      "backend": [
        {
          "url_pattern": "/geo/v1/countries",
          "is_collection": true,
          "sd": "static",
          "method": "GET",
          "host": [
            "https://api.sophware.com"
          ],
          "disable_host_sanitize": false
        }
      ],
      "extra_config": {
        "qos/ratelimit/router": {
          "max_rate": 0,
          "client_max_rate": 10,
          "strategy": "header",
          "key": "Authorization"
        },
        "auth/validator": {
          "alg": "RS256",
          "jwk_url": "https://auth.sophware.com/realms/sophware/protocol/openid-connect/certs",
          "issuer": "https://auth.sophware.com/realms/sophware",
          "operation_debug": true,
          "cache": true
        }
      }
    },
    {
      "endpoint": "/geo/v1/features",
      "method": "GET",
      "backend": [
        {
          "url_pattern": "/geo/v1/features",
          "is_collection": true,
          "sd": "static",
          "method": "GET",
          "host": [
            "https://api.sophware.com"
          ],
          "disable_host_sanitize": false
        }
      ],
      "extra_config": {
        "qos/ratelimit/router": {
          "max_rate": 0,
          "client_max_rate": 5,
          "strategy": "ip"
        }
      }
    }
  ]
}

Upvotes: 0

Views: 1686

Answers (2)

Umar Mansyur

Reputation: 1

Check the value of "k" in symmetric.json. The argument "k" should be encoded using base64url, not standard base64.

Upvotes: 0

alo

Reputation: 1440

The error might be misleading because the JWT validation does not have a specific message when there are connectivity errors, but if you are sure the content is well-formed JSON, then the problem is mostly reaching the JWK URL.

Upvotes: 0
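
A way to tell the causes raised in the two answers apart, as an added example that is not part of either answer and is not KrakenD's own code: it classifies a JWKS response as unreachable, non-JSON, or carrying key fields that are not base64url. The accepted media types are this example's assumption, and the sample responses are constructed.

```python
import json
import re
import urllib.error
import urllib.request

B64URL = re.compile(r"^[A-Za-z0-9_-]+$")  # base64url alphabet, no padding

def check_jwks(status, content_type, body):
    """Return a list of problems with a JWKS HTTP response; empty means none found."""
    problems = []
    if status != 200:
        problems.append(f"HTTP status {status}, expected 200")
    # Assumed rule for this example: application/json or any +json media type.
    media = (content_type or "").split(";")[0].strip().lower()
    if media != "application/json" and not media.endswith("+json"):
        problems.append(f"Content-Type {content_type!r} is not JSON")
    try:
        keys = json.loads(body)["keys"]
    except (ValueError, KeyError, TypeError):
        return problems + ["body is not a JSON object with a 'keys' member"]
    for i, key in enumerate(keys if isinstance(keys, list) else []):
        kty = key.get("kty") if isinstance(key, dict) else None
        # RSA keys carry n/e, symmetric (oct) keys carry k; all are base64url.
        for field in {"RSA": ("n", "e"), "oct": ("k",)}.get(kty, ()):
            if not B64URL.match(str(key.get(field, ""))):
                problems.append(f"keys[{i}].{field} is missing or not base64url")
    return problems

def fetch_and_check(url, timeout=5):
    """Fetch a JWKS URL (run this from the gateway host) and report problems."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return check_jwks(resp.status, resp.headers.get("Content-Type"), resp.read())
    except urllib.error.HTTPError as exc:  # server answered, but with 4xx/5xx
        return check_jwks(exc.code, exc.headers.get("Content-Type"), exc.read())
    except OSError as exc:  # DNS failure, refused connection, TLS error, timeout
        return [f"cannot reach JWKS URL: {exc}"]

# Constructed sample responses (not real key material).
GOOD = '{"keys": [{"kty": "RSA", "kid": "demo", "alg": "RS256", "n": "sXchDaQebSXK", "e": "AQAB"}]}'
HTML = "<html><body>502 Bad Gateway</body></html>"
STD_B64 = '{"keys": [{"kty": "oct", "kid": "sim", "k": "a+b/c2VjcmV0=="}]}'

if __name__ == "__main__":
    print(check_jwks(200, "application/json", GOOD))
    print(check_jwks(502, "text/html", HTML))
    print(check_jwks(200, "application/json", STD_B64))
```

Calling `fetch_and_check` with the `jwk_url` value from the gateway configuration, on the machine where the gateway runs, shows whether a proxy, TLS or DNS problem is standing in for the JWKS document.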
