-
|
Hello, According to the specification There must be "typ" property in the client assertion headers with the value "client-authentication+jwt" and now the provider is requesting this header to be present. I am using v5.7.1 Is there something I can do about this? ( I have checked version 6, but haven't been able to see a changelog for this ) |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment
-
|
That is a very early draft, not a final specification, there is no guarantee the added "typ" will not be changing. In v6.x you can use modifyAssertion to manage these customizations, in v5.x only the assertion's payload can be customized. However, there's should be no need to adopt the draft just yet as no authorization server should be enforcing the use of the typed assertion. FWIW the reason for this bis document is already resolved in both v5.x (since v5.7.1) and v6.x (since 6.0.0) |
Beta Was this translation helpful? Give feedback.
That is a very early draft, not a final specification, there is no guarantee the added "typ" will not be changing.
In v6.x you can use modifyAssertion to manage these customizations, in v5.x only the assertion's payload can be customized. However, there's should be no need to adopt the draft just yet as no authorization server should be enforcing the use of the typed assertion.
FWIW the reason for this bis document is already resolved in both v5.x (since v5.7.1) and v6.x (since 6.0.0)