arun11299 / cpp-jwt

JSON Web Token library for C++
MIT License
395 stars 111 forks source link

Assume "typ" is "JWT" when it absent from JOSE. #53

Closed sean24 closed 4 years ago

sean24 commented 5 years ago

I am using an OAUTH server that does not include "typ" in HOSE. This will be treated as error in jwt_header::decode. According to RFC 7519, it seems better to assume "typ" to be "JWT" if it is absent.

According to RFC 7519 Section 5.1 "typ" (Type) Header Parameter: "This is intended for use by the JWT application when values that are not JWTs could also be present in an application data structure that can contain a JWT object; the application can use this value to disambiguate among the different kinds of objects that might be present. It will typically not be used by applications when it is already known that the object is a JWT." "Use of this Header Parameter is OPTIONAL."

arun11299 commented 5 years ago

Thanks for reporting. I will take a look into it.

arun11299 commented 5 years ago

@sean24 Are you trying with the latest code ? I am able to decode a JWT without typ field. After decoding it assigns the value "JWT" by default.

Can you please check with the latest pull ?

arun11299 commented 4 years ago

Closing this issue for now.