Closed fmarino-ipzs closed 1 month ago
We might consider addressing the CWT case at the same time here.
Its against the JWT BCP to omit typ at this point: https://datatracker.ietf.org/doc/html/rfc8725#name-use-explicit-typing
I'd propose the following:
credential_pop MUST be a JWT or CWT.
The typ protected header parameter SHOULD be "kb+jwt" or "kb+cwt".
I and @fmarino-ipzs agreed with you, please open a PR if possibile
this issue is tagged under the milestone 01
This issue has been resolved by PR #37.
The credential_pop is a JWT. I would consider
typ
as OPTIONAL and value it withjwt
. If omitted by default it is assumed to bejwt
.