ueberauth / guardian

Elixir Authentication
MIT License

Allow refreshing tokens without typ field #670

Closed urmastalimaa closed 3 years ago

urmastalimaa commented 3 years ago

The standard "typ" field is not mandatory for JWTs. The token refresh implementation does not actually rely on the "typ" field in case a custom TTL is provided, but the set_ttl function header mandates the field. Instead of matching in the function header, move fetching the token type into the branch where it is actually necessary.

Hanspagh commented 3 years ago

Hi @urmastalimaa, looking good. Do you by any chance have a reference to the docs for this?

urmastalimaa commented 3 years ago

Hey @Hanspagh, can you clarify what docs you are referring to?

urmastalimaa commented 3 years ago

Just in case, this is the "typ" field documentation in the JWT RFC: https://tools.ietf.org/html/rfc7519#section-5.1

Hanspagh commented 3 years ago

Thank you. This was what I was looking for. This looks perfect.
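
The change described in the pull request description, sketched as an added example that is not Guardian's code and not part of the thread. The module name, function names, TTL values and the fallback to a default TTL when "typ" is absent are all assumptions made for illustration.

```elixir
# Illustrative module, not Guardian's source. Names, TTL values and the
# default-TTL fallback are assumptions made for this example.
defmodule TtlSketch do
  @default_ttl 3600
  @ttl_by_type %{"access" => 900, "refresh" => 86_400}

  # Before: the function head requires "typ", so claims without it raise
  # FunctionClauseError even when :ttl is supplied and "typ" is never read.
  def set_ttl_strict(%{"typ" => typ} = claims, opts) do
    case Keyword.get(opts, :ttl) do
      nil -> put_exp(claims, Map.get(@ttl_by_type, typ, @default_ttl))
      ttl -> put_exp(claims, ttl)
    end
  end

  # After: "typ" is looked up only in the branch that needs it.
  def set_ttl_relaxed(claims, opts) when is_map(claims) do
    case Keyword.get(opts, :ttl) do
      nil ->
        typ = Map.get(claims, "typ")
        put_exp(claims, Map.get(@ttl_by_type, typ, @default_ttl))

      ttl ->
        put_exp(claims, ttl)
    end
  end

  defp put_exp(claims, seconds), do: Map.put(claims, "exp", claims["iat"] + seconds)
end

# Constructed claims without a "typ" field.
claims = %{"sub" => "user:1", "iat" => 1_700_000_000}

strict =
  try do
    TtlSketch.set_ttl_strict(claims, ttl: 60)
  rescue
    e in FunctionClauseError -> {:error, e.function}
  end

IO.inspect(strict, label: "strict head, custom ttl")
IO.inspect(TtlSketch.set_ttl_relaxed(claims, ttl: 60)["exp"], label: "relaxed, custom ttl")
IO.inspect(TtlSketch.set_ttl_relaxed(claims, [])["exp"], label: "relaxed, no ttl")
```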