arun11299 / cpp-jwt

JSON Web Token library for C++
MIT License
393 stars 112 forks source link

Add option to remove type fromt he jwt_header #26

Closed feliwir closed 6 years ago

feliwir commented 6 years ago

This is not valid for all kind of JWT usages. E.g. for apple push notifications that header is not allowed: https://developer.apple.com/library/archive/documentation/NetworkingInternet/Conceptual/RemoteNotificationsPG/CommunicatingwithAPNs.html#//apple_ref/doc/uid/TP40008194-CH11-SW1

dwrensha commented 6 years ago

I've also run into this issue.

According to the JWT RFC, the "typ" header field is optional (https://tools.ietf.org/html/rfc7519#section-5.1 ), but cpp-jwt returns an error when the "typ" field is not present: https://github.com/arun11299/cpp-jwt/blob/87dcef903f48a8c33df0bd9658d775d6d5db1918/include/jwt/impl/jwt.ipp#L89 I think it would be better to continue processing without an error in that case. When the "typ" field does exist, we can still validate that its value is "JWT", but when it does not exist there should be no error.

arun11299 commented 6 years ago

Please look at the encode and decode tests "TestRemoveTypHeader" and "TypHeaderMiss" respectively. I have added an API to remove the header.