Closed urmastalimaa closed 3 years ago
Hi @urmastalimaa Looking good, do you by any chance a reference to the docs for this?
Hey @Hanspagh, can you clarify what docs are you referring to?
Just in case, this is the "typ" field documentation in the JWT RFC: https://tools.ietf.org/html/rfc7519#section-5.1
Thank you. This was what I was looking for. This looks perfect.
The standard "typ" field is not mandatory for JWTs. The token refresh implementation does not actually rely on the "typ" field in case a custom TTL is provided, but the
set_ttl
function header mandates the field. Instead of matching in the function header, move fetching the token type into the branch where it is actually necessary.