Add option to remove type fromt he jwt_header
feliwir opened this issue · comments
This is not valid for all kind of JWT usages. E.g. for apple push notifications that header is not allowed: https://developer.apple.com/library/archive/documentation/NetworkingInternet/Conceptual/RemoteNotificationsPG/CommunicatingwithAPNs.html#//apple_ref/doc/uid/TP40008194-CH11-SW1
I've also run into this issue.
According to the JWT RFC, the "typ" header field is optional (https://tools.ietf.org/html/rfc7519#section-5.1 ), but cpp-jwt returns an error when the "typ" field is not present:
cpp-jwt/include/jwt/impl/jwt.ipp
Line 89 in 87dcef9
I think it would be better to continue processing without an error in that case. When the "typ" field does exist, we can still validate that its value is "JWT", but when it does not exist there should be no error.
Please look at the encode and decode tests "TestRemoveTypHeader" and "TypHeaderMiss" respectively.
I have added an API to remove the header.