Documentação das especificações do GT de Segurança do Open Banking Brasil. As especificações ainda estão em versão draft e não devem ser utilizadas para implementação.
As per https://datatracker.ietf.org/doc/html/rfc8725#section-3.11 it is recommended to use explicit typing (to avoid security issues that might arise from one kind of JWT being accepted in an unintended context), i.e. to define a typ value that is explicitly used only for this token.
pedro-octavio-andrade
commented
1 year ago
The Brazil CIBA spec says:
As per https://datatracker.ietf.org/doc/html/rfc8725#section-3.11 it is recommended to use explicit typing (to avoid security issues that might arise from one kind of JWT being accepted in an unintended context), i.e. to define a typ value that is explicitly used only for this token.