- changed status to open
JWEHeader.Builder is missing registered header parameters from RFC 7519 section 10.4
Issue #535
resolved
In RFC 7519 section 5.3 (Replicating Claims as Header Parameters), the specification allows claims present in the JWT Claims Set to be replicated as Header Parameters in a JWT that is a JWE.
Later, in section 10.4 (Header Parameter Names Registration), the following header parameter names are documented “for use by claims replicated as Header Parameters in JWEs”:
o Header Parameter Name: "iss"
o Header Parameter Description: Issuer
o Header Parameter Usage Location(s): JWE
o Change Controller: IESG
o Specification Document(s): Section 4.1.1 of RFC 7519
o Header Parameter Name: "sub"
o Header Parameter Description: Subject
o Header Parameter Usage Location(s): JWE
o Change Controller: IESG
o Specification Document(s): Section 4.1.2 of RFC 7519
o Header Parameter Name: "aud"
o Header Parameter Description: Audience
o Header Parameter Usage Location(s): JWE
o Change Controller: IESG
o Specification Document(s): Section 4.1.3 of RFC 7519
Since these are registered header parameter names, they should probably appear in the HeaderParameterNames enum, and there should probably be dedicated setters for them in JWEHeader.Builder, as well as dedicated getters for them in JWEHeader.
Comments (2)
-
-
- changed status to resolved
Commit: 2c2587a65541bf926b98bbe09be412384aa9a62c
9.41 (2024-06-29) * JWEHeader receives typed support for the "iss" (issuer), "sub" (subject) and "aud" (audience) claims as replicated JWE header parameters.
- Log in to comment
Thanks!