- New function
unsafeParseJOSEHeader()
- "unsafely" parse the JOSE header of a JWT without cryptokey. - New JWTOption
additionalHeaderClaims
- Additional claims to include/override as part of the JWT's JOSE header.
Working with JWT Headers
Some usage scenarios, such as interoperating with OIDC providers that set key identifier (kid) header claims in the JWTs they issue, require JWT header introspection. Similarly, it is sometimes necessary to create tokens with additional header claims or override existing claims (e.g., the typ claim).
The additionalHeaderClaims property in the JWTOptions provide the means to set/override header claims in tokens created through signJWT. Conversely, the unsafeParseJOSEHeader function reads the header claims of a token without validating it.
What's Changed
- Add support for additional header claims in signJWT() function by @cwirving in #5
- Add the ability to provide arbitrary custom header claims by @cwirving in #6
New Contributors
Full Changelog: 0.4.9...0.5.0