enhance http calls to OP to check content-type on response for json

[brockallen]

No description provided.

[brockallen]

done

[ericmorand-emakina]

@brockallen, is this needed because OpenID specs enforce this? Our SSO provider send application/jwk-set+json;charset=UTF-8.

[brockallen]

it was used to detect when the OP had an error and was showing html pages

[ericmorand-emakina]

But then application/jwk-set+json responses throw exceptions. I'm wondering if our SSO provider is at fault there. Do you think I should open an issue here? application/jwk-set+json looks like a valid content type:

https://tools.ietf.org/html/rfc7517

[brockallen]

which token server do you use?

[ericmorand-emakina]

Connect2id

[longsleep]

This change is wrong - oidc-client should accept application/jwk-set+json response types which is the right content type for JSON web keys. This makes oidc-client-js essentially non-functional for OIDC providers which properly set the content type for jwk endpoints.