define explicit typing of a proof JWT
During the Aug-11 SIOP call, it was suggested that using "typ": "JWP" is misleading (it is not defined in the specification anyway). It was suggested we should define an explicit typing such as "typ": "proof". PR #268
Comments (5)
-
Account Deactivated -
@jeremie It’s recommended as per https://www.rfc-editor.org/rfc/rfc8725.html#section-3.11 to prevent the potential for one type of JWT to be used in a context it wasn’t intended for.
-
For context, https://datatracker.ietf.org/doc/html/draft-ietf-oauth-dpop#section-12.5 uses dpop+jwt, https://www.rfc-editor.org/rfc/rfc9101.html#section-9.4.1 uses oauth-authz-req+jwt. So possibly something like vc-iss-proof+jwt?
-
The discussion was kind of a sidebar where I noticed "typ": "JWT" in an example Kristina was working on and suggested removing it because it is pretty much meaningless and kinda cargo cult. I also said that using "typ": "JWT" precludes more explicit typing, which I think is what led us here.
-
reporter - changed status to resolved
PR merged
-
I missed the part of the call where this was discussed. Why is an explicit (MIME) type needed?
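
Added illustration of the RFC 8725 section 3.11 point raised in this thread (not code from the specification or from PR #268): a verifier-side check that accepts a proof JWT only when its typ header is the expected explicit type. The value vc-iss-proof+jwt is only the suggestion made in the comments and is used here as an assumption; the sample tokens are constructed and carry a dummy signature.

```python
import base64
import json

# Assumed expected type, taken from the suggestion in the thread; the page
# does not say which value the merged PR settled on.
EXPECTED_TYP = "vc-iss-proof+jwt"


def make_sample_token(header: dict, payload: dict) -> str:
    """Build a constructed sample token; the third part is a dummy signature."""
    enc = lambda obj: base64.urlsafe_b64encode(
        json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc(header), enc(payload), "c2ln"])


def normalize_typ(typ: str) -> str:
    """RFC 7515 4.1.9: media type names compare case-insensitively, and the
    'application/' prefix may be omitted when no other '/' is present."""
    typ = typ.strip().lower()
    return typ if "/" in typ else "application/" + typ


def check_typ(token: str, expected: str = EXPECTED_TYP) -> bool:
    """Return True only if the JOSE header carries the expected explicit type.
    This runs in addition to signature and claims validation, not instead."""
    try:
        header_b64 = token.split(".")[0]
        padded = header_b64 + "=" * (-len(header_b64) % 4)
        header = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return False
    typ = header.get("typ") if isinstance(header, dict) else None
    if not isinstance(typ, str):
        return False  # a missing typ is rejected, not treated as "any JWT"
    return normalize_typ(typ) == normalize_typ(expected)


def classify_samples() -> dict:
    """Run the check over constructed headers, including the generic "JWT"
    value and a token typed for a different protocol (DPoP)."""
    claims = {"aud": "https://issuer.example", "nonce": "constructed"}
    headers = {
        "explicit": {"alg": "ES256", "typ": "vc-iss-proof+jwt"},
        "full_media_type": {"alg": "ES256", "typ": "application/VC-ISS-PROOF+JWT"},
        "generic_jwt": {"alg": "ES256", "typ": "JWT"},
        "dpop_proof": {"alg": "ES256", "typ": "dpop+jwt"},
        "no_typ": {"alg": "ES256"},
    }
    return {k: check_typ(make_sample_token(h, claims)) for k, h in headers.items()}
```

Only the two headers carrying the expected type pass; the generic "JWT" value, the DPoP-typed token and the untyped token are all rejected before any further processing.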