connect2id / Nimbus-JOSE-JWT / issues / #117 - JWT Type in JOSE Header — Bitbucket

Issue #117 resolved

Dave Franken created an issue 2015-02-13

The draft for JSON Web Tokens: https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32 describes the usage of "typ" in the header with a fixed value of "JWT".

Currently, the implementation only allows JWS and JWE as types in the header.

Also, "typ" is currently a field in the claims set for JWTs, but it should be removed from there and lifted to the header.

Comments (7)

Connect2id OSS
- changed status to open
Thanks for reporting this!
- 2015-02-13T15:59:34+00:00
Connect2id OSS
Removed misplaced 'typ' claim from claims set in commit 1495d04.
- 2015-02-13T16:31:48+00:00
Dave Franken reporter
You might want to add "JWT" as a static instance to JOSEObjectType (like JWS and JWE) so you don't have to use the constructor.
- 2015-02-13T20:59:05+00:00
Connect2id OSS
Updated the 'typ' constants to match the latest JWS draft 40 / JWT draft 40, see commit be09fd9.
- 2015-02-15T08:34:28+00:00
Connect2id OSS
PS: Please note that the recommended way to indicate a nested (signed + encrypted) JWT is to use the "cty" parameter for that. The "typ" parameter is there for legacy reasons.
- 2015-02-15T08:37:20+00:00
Connect2id OSS
Dave, the changes just got pushed to Maven Central as version 3.9.
- 2015-02-15T09:01:06+00:00
Connect2id OSS
- changed status to resolved
- 2015-02-15T09:01:12+00:00
Log in to comment

Assignee: –

Type: bug

Priority: minor

Status: resolved

Component: JWT

Milestone: –

Votes: 0

Watchers: 2

Jira: the preferred issue tracker for Bitbucket. Join the team!