jwtVerify with token that has "crit": [ "b64" ] throws an error

[Cloud11PL]

Hey,

Looking at rfc7797 I should be able to use a JWT token that has a header with "crit": [ "b64" ] and "b64": true. The "b64": true bit is deleted from headers in pyjwt so the header is left only with the crit field.

The problem I see with jose is that if we use jwtVerify then at no point validateCrit gets b64 in joseHeader causing the following error:

JWSInvalid: Extension Header Parameter "b64" is missing

Is this intended behaviour? What am I doing wrong here? 😅

[panva]

Yes this is an intended behaviour. Your token indicates an extension (crit) and it's corresponding header parameter is not found.

[Cloud11PL]

Thanks for the reply.

I got confused because the RFC states that

it is RECOMMENDED that "b64" simply be omitted in this case

So to make it work with jose I have to explicitly set the b64 to true?

[panva]

you cannot have a crit member without corresponding header parameter so you want to either omit b64 and crit altogether or have crit and b64:true

[Cloud11PL]

Okay, got it, thanks for the help! 😸