juergw
commented
2 months ago We don't have any plans to add additional support for these headers.
You could use Tink's signature primitives (PublicKeySign and PublicKeyVerify) or the Mac primitive together with a JSON parser to implement this yourself. But I wouldn't recommend this. Instead, I think it is preferable to keep using a different JWT library that supports these options.
Is your feature request related to a problem? If so, provide a description of the problem. I am currently working on migrating an internal library handling JWT in Java from nimbus-jose to Tink. We are using Tink keysets and primitives, but some of our partners require certain headers (cty, crit, x5c, x5t256, b64, as well as custom ones).
What sort of feature would you like to see? I know Tink only supports typ, alg and kid, but is there a chance that more will be added in the future? If not, do you see an alternative way to use Tink primitives for JWT signatures given that these headers are required?