You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Jan 19, 2022. It is now read-only.
Our current code does not produce "typ" headers, nor does it look for them. So the objects we're creating can't be called "JWT"s. We've updated the docs to describe these objects as "JWT-like". So we can close this issue as a WONTFIX.
In a future version of the cert format, we should become more like JWTs, and start including these headers. We could safely add them now (since nothing is depending upon their absence), but let's make all the change in a single fell swoop.
It seems like I read draft-07 differently than you. It seems to me that "typ" is an optional key, except if "nested signing" is employed. This is the case for the JWT passed by an IdP for registerCertificate(), at least, so the "typ" header MUST be "JWS".
From my reading of http://openid.net/specs/draft-jones-json-web-token-07.html , the sample JWTs in browserid/index.md should have a "typ" header field in addition to the cited "alg" one, so:
instead of:
am I reading this right? If so, I'll whip up a patch for the docs.
The text was updated successfully, but these errors were encountered: