search

jpadilla / pyjwt

JSON Web Token implementation in Python
https://pyjwt.readthedocs.io
MIT License
5.18k stars 690 forks source link

Consider adding `kid` jwt header by default #976

Open adamJLev opened 3 months ago

adamJLev commented 3 months ago

So it looks like PyJWKClient relies on this param to work at all, why not make it the default to include kid in the JWT headers? If the field is empty or null, the JWK client will never match the key.

I realize kid is an optional field, but its useful and it would make sense to me to include it, as otherwise the client that comes with the library doesn't even work with JWT tokens signed by this library - which seems inconsistent.

More info on kid aka `key id" field: https://datatracker.ietf.org/doc/html/rfc7517#section-4.5 Andhere in a more user friendly format: https://fusionauth.io/articles/tokens/jwt-components-explained

gagandeepp commented 1 month ago

interested @adamJLev please assign