Entity configuration lacks typ in header 

As per title, the JWT returned from `.well-known/openid-federation` lacks the `typ` header.
The example from https://docs.italia.it/italia/spid/spid-cie-oidc-docs/it/versione-corrente/esempi.html#en-1-1-entity-configuration-response-relying-party describes an header such as 
```
{
    "alg": "RS256",
    "kid": "2HnoFS3YnC9tjiCaivhWLVUJ3AxwGGz_98uRFaqMEEs",
    "typ": "entity-statement+jwt"
}
```

while here the response is 
```
{
  "kid": "Sg2yS2KORC2nOfh5bUZkQE-3DibNNup3IULFl7T933k",
  "alg": "RS256"
}
```

Although these examples are "non normativi", oidc-fed as per draft29 is more strict.
(https://openid.net/specs/openid-connect-federation-1_0.html#name-federation-entity-configurat and https://openid.net/specs/openid-connect-federation-1_0.html#entity-statement) 
```
Entity Statement JWTs MUST be explicitly typed, by setting the typ header parameter to entity-statement+jwt. This prevents cross-JWT confusion (see [[RFC8725](https://openid.net/specs/openid-connect-federation-1_0.html#RFC8725)], section 3.11).
```

Please discard the issue if is this is a problem within the SPID specification.



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Entity configuration lacks typ in header #6

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Entity configuration lacks typ in header #6

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions