Closed Smoovsky closed 1 year ago
Hi @Smoovsky ,
well, yes, it's kind of intentional:
Kid
within them.Hi @Smoovsky ,
well, yes, it's kind of intentional:
- JWK is not the only way to pass signing keys into library. And other methods don't have notion of
Kid
within them.- It is still low level lib, doesn't trying to make assumptions about how you wanna use it or what kind of content, headers you want to express with your payloads.
Well, I guess it's kinda anti-instinctive if you pass in a key type with kid but in the output, it's just not there. But I'm fine with the current behavior, probably adding some notes in the documentation will help latecomers.
Here there,
I'm not sure whether this is intended behavior but it seems the JWT encoded by the library does not include
kid
in its headers even if it's available in the key used to encode unless you explicitly include thekid
inextraHeaders
.Example:
If it's not intentional, please consider automatically adding
kid
in the encoded JWT as an improvement.