WICG / dbsc


Explicitly type the JWT #27

Open dickhardt opened 5 months ago

dickhardt commented 5 months ago

Per JWT best practices, explicitly type the JWT, such as "typ":"dbsc+jwt"; see https://datatracker.ietf.org/doc/html/rfc8725#name-use-explicit-typing

bc-pi commented 5 months ago

The value of explicitly typing in the context of something like DBSC isn't as clear as some other JWT usages but it's probably worth doing nonetheless. And would certainly be more useful than "typ": "JWT", in the current readme, which is pretty much meaningless.

FWIW this seems quite similar to DPoP where we did go with explicit typing. See https://www.rfc-editor.org/rfc/rfc9449.html#section-4.2-2.2 for example.

sameerag commented 5 months ago

Should be doable. The idea here was to work with existing token types (JWT), and to help in merging DBSC with authentication flows if needed.
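
The check discussed in this thread, as an added example that is not part of the issue or of the DBSC project's code: a verifier-side test of the `typ` header that accepts only the explicit type and rejects the generic `"JWT"` value, a missing `typ`, and a JWT typed for another protocol. It assumes the `dbsc+jwt` value proposed above (not a finalized DBSC constant); `check_explicit_type` and `make_token` are hypothetical helper names, and the sample tokens are constructed with placeholder payloads and signatures.

```python
import base64
import json

EXPECTED_TYP = "dbsc+jwt"  # assumption: value proposed in this issue, not a finalized constant


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def normalize_typ(typ) -> str:
    """RFC 7515 section 4.1.9: a value without '/' is read as 'application/<value>';
    media type names compare case-insensitively."""
    if not isinstance(typ, str) or not typ:
        return ""
    typ = typ.lower()
    return typ if "/" in typ else "application/" + typ


def check_explicit_type(compact_jws: str, expected: str = EXPECTED_TYP) -> bool:
    """Return True only if the header carries the expected typ.
    This check runs in addition to signature verification, never instead of it."""
    parts = compact_jws.split(".")
    if len(parts) != 3:
        return False
    try:
        padded = parts[0] + "=" * (-len(parts[0]) % 4)
        header = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return False
    if not isinstance(header, dict):
        return False
    return normalize_typ(header.get("typ")) == normalize_typ(expected)


def make_token(header: dict) -> str:
    """Constructed sample token: real header, placeholder payload and signature."""
    return ".".join([b64url(json.dumps(header).encode()), b64url(b"{}"), b64url(b"sig")])


if __name__ == "__main__":
    for typ in ("dbsc+jwt", "application/DBSC+JWT", "JWT", "dpop+jwt", None):
        hdr = {"alg": "ES256"} if typ is None else {"alg": "ES256", "typ": typ}
        print(repr(typ), check_explicit_type(make_token(hdr)))
```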