JWTs don't actually need a typ component.

kohler · Oct 16, 2023 · 51c84b5 · 51c84b5
1 parent 21c8d3a
commit 51c84b5
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/lib/jwtparser.php b/lib/jwtparser.php
@@ -200,7 +200,7 @@ function validate($s) {
         if (!$this->has_alg($jose->alg ?? null)) {
             $this->error_at(null, "<0>Unknown algorithm");
             return null;
-        } else if (($jose->typ ?? null) !== "JWT") {
+        } else if (isset($jose->typ) && ($jose->typ ?? null) !== "JWT") {
             $suffix = isset($jose->typ) && is_string($jose->typ) ? " ‘{$jose->typ}’" : "";
             $this->error_at(null, "<0>Unexpected message type{$suffix}");
             return null;