JWS.sign() hardcodes "typ": "JWT" #204

Open
alxnik opened this issue Jan 24, 2021 · 1 comment
@alxnik

alxnik commented Jan 24, 2021

Setting the JOSE header "typ" to "JWT" is hardcoded in jws._encode_header(). Although setting this parameter is recommended in RFC 7519 (JWT specification), in RFC 7515 (JWS specification) it is marked as optional. Currently there is no way to remove it from the header.

The proposed solution is to not hardcode it in jws._encode_header() but to add it to the extra headers through jwt.encode(). Thus, JWT functionality remains unaffected, but JWS is RFC compliant.

@almartmart

I really suggest merging this. I've already found some APIs that (for some reason) require the "typ" header to not be sent, which is impossible without this change.
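
Added example, not part of the issue thread and not the project's own code: a standard-library sketch of the layering the issue proposes, where the JWS signer sets only "alg" and the JWT wrapper supplies "typ": "JWT" as an overridable default. The function names `sign_jws`, `encode_jwt` and `verify_jws`, the HS256-only scope and the sample key are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_jws(payload: bytes, key: bytes, headers=None) -> str:
    """JWS layer (hypothetical helper): sets only "alg"; "typ" is never forced."""
    header = dict(headers or {})
    header["alg"] = "HS256"  # extra headers must not be able to change the algorithm
    encoded = b64url(json.dumps(header, separators=(",", ":"), sort_keys=True).encode())
    signing_input = encoded + "." + b64url(payload)
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)


def encode_jwt(claims: dict, key: bytes, headers=None) -> str:
    """JWT layer (hypothetical helper): defaults "typ" to "JWT"; callers may override it."""
    merged = {"typ": "JWT", **(headers or {})}
    return sign_jws(json.dumps(claims, separators=(",", ":")).encode(), key, merged)


def verify_jws(token: str, key: bytes):
    """Return (header, payload) for a valid HS256 token, else raise ValueError."""
    try:
        h, p, s = token.split(".")
        header, sig = json.loads(b64url_decode(h)), b64url_decode(s)
    except Exception as exc:
        raise ValueError("malformed token") from exc
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{h}.{p}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):  # constant-time comparison
        raise ValueError("bad signature")
    return header, b64url_decode(p)
```

The verifier never inspects "typ", so a token produced by `sign_jws` without that header validates the same way as one produced by `encode_jwt`.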
