#Change type in JWT


cerulean nymph
shell loom

Looping in @flint apex @vast condor

flint apex

@cerulean nymph Currently there is no workaround for this. As per the JWT spec [1], it is recommended to use JWT as the default value for the typ header parameter, hence the Ballerina implementation does this.

[1] https://datatracker.ietf.org/doc/html/rfc7519#section-5.1

exotic cloud

@cerulean nymph Are you working with a client that sends the JWT with that name?

cerulean nymph

I'm trying to develop a basic STS using Ballerina which sends JWT access tokens. According to the JWT Access Token Spec, the typ parameter should be at+jwt.
https://datatracker.ietf.org/doc/html/rfc9068#name-header

flint apex

@cerulean nymph The above spec describes the access token generated for the OAuth2 JWT bearer flow, and currently this is not covered by the Ballerina JWT module (which specifically deals with generating and validating self-signed JWTs), since generating OAuth2 tokens is an IdP functionality. But we will check whether there is a possibility to extend the functionality of the Ballerina JWT module with this.

tribal aspen

@cerulean nymph You can do this with the oauth2 module, overriding the AUTH_HEADER_BEARER config parameter.