oauth-wg/oauth-transaction-tokens

Typ header parameter being misused in TraTs draft

Closed this issue · 2 comments

According to RFC 7515 (JWS), the "typ" header parameter is supposed to indicate a media type (https://www.iana.org/assignments/media-types/media-types.xhtml). In addition, section 5.1 of the JWT spec clarifies that, if used, it should be set to "JWT". However, the TraTs draft requires this to be set to "txn_token". This is clearly not right. We need to find another way to identify a JWT as a TraT.

Thanks for these references. I will go with "txntoken+jwt" for now, based on the recommendation of the "Explicit Typing" section.
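
The following is an added example, not part of the issue thread or the draft: a recipient-side check that accepts a compact JWS only when its header carries the "txntoken+jwt" type proposed above, applying the RFC 7515 section 4.1.9 rule that a "typ" value without a "/" is read as if "application/" were prepended. The function names and the sample tokens are constructed for illustration, and the check covers the type only, not signature or claims validation.

```python
import base64
import json

EXPECTED_TYP = "txntoken+jwt"  # value proposed in the thread above


def b64url_decode(segment: str) -> bytes:
    # JWS uses base64url without padding; restore the padding before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def normalize_typ(typ: str) -> str:
    # RFC 7515 section 4.1.9: a value with no "/" is treated as if
    # "application/" were prepended. Media type names are case-insensitive.
    typ = typ.strip().lower()
    return typ if "/" in typ else "application/" + typ


def is_txn_token_header(compact_jws: str, expected: str = EXPECTED_TYP) -> bool:
    """Return True only if the JOSE header's typ matches the expected type.

    Type check only: the signature and claims must still be validated.
    """
    parts = compact_jws.split(".")
    if len(parts) != 3:
        return False
    try:
        header = json.loads(b64url_decode(parts[0]))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return False
    if not isinstance(header, dict):
        return False
    typ = header.get("typ")
    if not isinstance(typ, str):
        return False  # explicit typing: a missing typ is rejected, not defaulted
    return normalize_typ(typ) == normalize_typ(expected)


def make_sample(header: dict) -> str:
    # Constructed sample token; payload and signature are placeholders.
    def enc(raw: bytes) -> str:
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

    return ".".join([enc(json.dumps(header).encode()),
                     enc(b'{"txn": "constructed"}'), "sig"])
```

A token typed as plain "JWT", or with the draft's earlier "txn_token" value, is rejected by this check, so a generic JWT cannot be substituted where a transaction token is expected.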