Skip to content

dropshot should support other application/json aliases #1383

New issue
New issue
Closed
#1413
Closed
dropshot should support other application/json aliases#1383
#1413
@papertigers

Description

@papertigers
papertigers
opened on Aug 1, 2025

While working on SCIM v2 support within nexus, @jmpesp and I ran into an issue with the request bodies coming from identity providers such as Okta. It turns out SCIM v2 is using a content-type of application/scim+json as defined in RFC 7644 Section 8.1.

Dropshot currently chokes on this because the built-in extractors for the request body have a whitelist of mime types defined here:

dropshot/dropshot/src/api_description.rs

Lines 332 to 341 in 45dbc19

pub fn from_mime_type(mime_type: &str) -> Result<Self, String> {
match mime_type {
CONTENT_TYPE_OCTET_STREAM => Ok(Self::Bytes),
CONTENT_TYPE_JSON => Ok(Self::Json),
CONTENT_TYPE_URL_ENCODED => Ok(Self::UrlEncoded),
CONTENT_TYPE_MULTIPART_FORM_DATA => Ok(Self::MultipartFormData),
_ => Err(mime_type.to_string()),
}
}
}

Which is later checked here:

dropshot/dropshot/src/extractor/body.rs

Lines 153 to 155 in 45dbc19

let body_content_type =
ApiEndpointBodyContentType::from_mime_type(&mime_type)
.map_err(|e| HttpError::for_bad_request(None, e))?;

There are a few paths forward discussed on the control plane huddle:

  • Implement a custom extractor for your json like alias
  • Simply add the scim+json type to the defined enum
  • Maintain a list of json mime type aliases and expose them via the same enum
  • Another approach not yet realized...

The returned body out of dropshot can be easily be worked around at this time as the Response type lets you set header value yourself.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions