arun11299
commented
4 years ago Thanks for reporting. I will take a look into it.
Closed sean24 closed 4 years ago
arun11299
commented
4 years ago Thanks for reporting. I will take a look into it.
arun11299
commented
4 years ago @sean24 Are you trying with the latest code ? I am able to decode a JWT without typ field. After decoding it assigns the value "JWT" by default.
Can you please check with the latest pull ?
arun11299
commented
4 years ago Closing this issue for now.
I am using an OAUTH server that does not include "typ" in HOSE. This will be treated as error in jwt_header::decode. According to RFC 7519, it seems better to assume "typ" to be "JWT" if it is absent.
According to RFC 7519 Section 5.1 "typ" (Type) Header Parameter: "This is intended for use by the JWT application when values that are not JWTs could also be present in an application data structure that can contain a JWT object; the application can use this value to disambiguate among the different kinds of objects that might be present. It will typically not be used by applications when it is already known that the object is a JWT." "Use of this Header Parameter is OPTIONAL."