Closed feliwir closed 6 years ago
I've also run into this issue.
According to the JWT RFC, the "typ" header field is optional (https://tools.ietf.org/html/rfc7519#section-5.1 ), but cpp-jwt returns an error when the "typ" field is not present: https://github.com/arun11299/cpp-jwt/blob/87dcef903f48a8c33df0bd9658d775d6d5db1918/include/jwt/impl/jwt.ipp#L89 I think it would be better to continue processing without an error in that case. When the "typ" field does exist, we can still validate that its value is "JWT", but when it does not exist there should be no error.
Please look at the encode and decode tests "TestRemoveTypHeader" and "TypHeaderMiss" respectively. I have added an API to remove the header.
This is not valid for all kind of JWT usages. E.g. for apple push notifications that header is not allowed: https://developer.apple.com/library/archive/documentation/NetworkingInternet/Conceptual/RemoteNotificationsPG/CommunicatingwithAPNs.html#//apple_ref/doc/uid/TP40008194-CH11-SW1