lcobucci / jwt

A simple library to work with JSON Web Token and JSON Web Signature
https://lcobucci-jwt.readthedocs.io/en/stable/
BSD 3-Clause "New" or "Revised" License

Default header 'typ' breaking Apple JWT requests #1070

Open colinferm opened 3 weeks ago

colinferm commented 3 weeks ago

In namespace Lcobucci\JWT\Token\Builder:23, there is the line:

private array $headers = ['typ' => 'JWT', 'alg' => null];

The header typ => JWT is breaking requests with Apple JWT requests (such as APNS or Apple Books API requests).

Can you either (a) make Builder non-final so it can be subclassed and this variable can be easily overwritten or (b) can you remove this header from the default array?

Slamdunk commented 3 weeks ago

Hi, do you mind sharing the conflicting Apple JWTs as well as the code you use to handle those JWTs with this library?

Ocramius commented 3 weeks ago

Have you tried ->withHeader('typ', 'something-else')? It is overwritten that way, AFAIK

https://github.com/lcobucci/jwt/blob/5494ca9d06db2e2b606ab0c8587af2572dca2310/src/Token/Builder.php#L70-L76
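An added example (not code from the issue or from the lcobucci/jwt project) that checks the override Ocramius suggests by decoding the raw header segment, so you can see exactly what the receiving server gets. It assumes lcobucci/jwt 4.x or 5.x installed via Composer and uses an HMAC signer with a constructed secret only so it runs without a key file; the issuer and `kid` values are placeholders.

```php
<?php
// Added example: shows that the default 'typ' => 'JWT' header is replaced by
// Builder::withHeader() and inspects the raw JOSE header that is actually sent.
// Assumes lcobucci/jwt 4.x or 5.x (Composer autoload). HMAC is used only so the
// demo runs without a key file; Apple's APIs expect ES256 with a .p8 key.
require __DIR__ . '/vendor/autoload.php';

use Lcobucci\JWT\Configuration;
use Lcobucci\JWT\Signer\Hmac\Sha256;
use Lcobucci\JWT\Signer\Key\InMemory;

$config = Configuration::forSymmetricSigner(
    new Sha256(),
    InMemory::plainText(bin2hex(random_bytes(32))) // constructed demo secret
);

// Decode the first (header) segment of a compact JWS without trusting the library.
function rawHeader(string $jwt): array
{
    $segment = explode('.', $jwt)[0];
    $padded  = $segment . str_repeat('=', (4 - strlen($segment) % 4) % 4);
    $json    = base64_decode(strtr($padded, '-_', '+/'), true);
    return json_decode($json, true, 512, JSON_THROW_ON_ERROR);
}

// 1. Default builder: the library emits "typ":"JWT" alongside "alg" and "kid".
$default = $config->builder()
    ->issuedBy('constructed-issuer')
    ->withHeader('kid', 'CONSTRUCTED-KEY-ID')
    ->getToken($config->signer(), $config->signingKey());

// 2. withHeader('typ', ...) overwrites the default value in the same slot.
$custom = $config->builder()
    ->issuedBy('constructed-issuer')
    ->withHeader('kid', 'CONSTRUCTED-KEY-ID')
    ->withHeader('typ', 'something-else')
    ->getToken($config->signer(), $config->signingKey());

var_dump(rawHeader($default->toString()));
var_dump(rawHeader($custom->toString()));

// The parsed token exposes the same header through the public API.
$parsed = $config->parser()->parse($custom->toString());
assert($parsed->headers()->get('typ') === 'something-else');
```

Note that `withHeader()` can only replace the value; the builder has no method to unset a header, so a token without any `typ` at all needs a custom builder, as the maintainer says further down.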

colinferm commented 3 weeks ago

Yeah. Apple doesn't like the header type at all. It's dumb but it's Apple.

lcobucci commented 3 weeks ago

We had other people using this library and successfully integrating with Apple (though I don't know details).

Do you have links to their documentation stating that they expect the header not to be defined? Could it be a bug on their end instead?

Nevertheless, this library favours explicitness. That means ensuring that downstream has an object that is a JWT (not some other types defined by the RFC group).

At this point, I don't see a reason for changing the implementation. You may create your own builder and make the (temporary or not) modifications you require for your use case.