Celocli get-metadata fails to properly read metadata that is stored as multiline json

When going through this section of setup:

at first i uploaded metadata as “pretty printed” json, since it was making it easier to read it as raw json file too.

unfortunately it looks like at the very least the cleocli accounts:get-metadata call is unable to fetch and parse mutliline json from internet properly. I am not sure if this is an intended feature or a bug, but it does mean that all metadata files have to be uploaded as a single line string for it to work properly.

these are the revisions of the metadata gist: https://gist.github.com/zviadm/1bab7c8be439a6b98190a695cedf117d/revisions

so after looking further into it, it looks like because the full claims message is what gets signed, if the order of fields is changed in json inside claims, it can lead to the signature being invalid.

edit: after digging even further into this, the metadata verifying protocol might be slightly problematic/error prone in the long term.

as I understand, right now it essentially depends on the fact that, json.stringify(json.parse(data)) is stable. this is true for javascript, but isn’t true for many other languages, because keys in a json map can get randomly re-arranged when it is parsed and re-serialized.
so if someone wanted to write a verification in a language other than JS they would need to have more specialized JSON parsing library that keeps order of keys in a map stable, and would have to make sure their serialization matches json.stringify byte for byte.