Bug
Resolution: Done
Before reporting an issue
[x] I have read and understood the above terms for submitting issues, and I understand that my issue may be closed without action if I do not follow them.
Area
admin/ui
Describe the bug
When a member is added to an organization the following request is sent:
POST /admin/realms/myrealm/organizations/75247cdc-9f01-4939-aa71-b46a774e50ce/members -H 'content-type: application/json' \
  --data-raw '1ddd1774-bd9c-4771-a7c0-b490baad7529'
This is rejected if Keycloak runs behind a web application firewall, as the payload is not JSON.
Version
26.0
Regression
[ ] The issue is a regression
Expected behavior
The admin console should send the payload as a quoted value: "1ddd1774-bd9c-4771-a7c0-b490baad7529"
This is allowed as valid JSON.
Actual behavior
Keycloak accepts the unquoted value even though "Content-type" must be set to "application/json".
How to Reproduce?
Add a member to an organization. Observe the API request sent by the Admin console.
Anything else?
An alternative solution: Improve the API and expect a JSON object:
{
  "userId": "1ddd1774-bd9c-4771-a7c0-b490baad7529"
}
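An added example, not code from Keycloak or its admin console: the strict body check a JSON-validating proxy could apply to the request in this report, showing why the bare ID is rejected while the quoted string and the object form pass. The function names and the proxy behaviour are assumptions made for illustration.

```javascript
// Added example. checkJsonBody and buildMemberBody are hypothetical names;
// the check models an assumed proxy rule: "a body declared as JSON must parse".
const SAMPLE_ID = "1ddd1774-bd9c-4771-a7c0-b490baad7529"; // ID from the report

function checkJsonBody(contentType, rawBody) {
  // Compare only the media type, ignoring parameters such as charset.
  const mediaType = contentType.split(";")[0].trim().toLowerCase();
  if (mediaType !== "application/json") {
    return { ok: false, reason: "not declared as JSON" };
  }
  let value;
  try {
    value = JSON.parse(rawBody); // strict parser: a bare UUID is a syntax error
  } catch (err) {
    return { ok: false, reason: "body is not valid JSON" };
  }
  // Accept both shapes named in the report: a JSON string, or {"userId": "..."}.
  let userId;
  if (typeof value === "string") {
    userId = value;
  } else if (value !== null && typeof value === "object") {
    userId = value.userId;
  }
  // Valid JSON of the wrong type (12345, true, null, []) must still be refused.
  if (typeof userId !== "string" || userId.length === 0) {
    return { ok: false, reason: "no user id string in body" };
  }
  return { ok: true, userId };
}

// Client side: serialise the ID instead of sending the raw string.
function buildMemberBody(userId) {
  return JSON.stringify(userId);
}

const CT = "application/json";
console.log(checkJsonBody(CT, SAMPLE_ID));                              // bare ID
console.log(checkJsonBody(CT, buildMemberBody(SAMPLE_ID)));             // quoted
console.log(checkJsonBody(CT, JSON.stringify({ userId: SAMPLE_ID })));  // object
```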