IDToken: Set typ header (#87430)

TokenSigning: Set typ header
2025-02-25 18:55:37 -06:00 · 2024-05-07 13:59:23 +02:00 · 2024-05-07 13:59:23 +02:00 · 37af1ae58e
commit 37af1ae58e
parent bc67b88301
2 changed files with 5 additions and 2 deletions
--- a/pkg/services/auth/idimpl/service.go
+++ b/pkg/services/auth/idimpl/service.go
@ -108,7 +108,7 @@ func (s *Service) SignIdentity(ctx context.Context, id identity.Requester) (stri
 		}

 		extracted := auth.IDClaims{}
-		// We don't need to verify the signature here, we are only intrested in checking
+		// We don't need to verify the signature here, we are only interested in checking
 		// when the token expires.
 		if err := parsed.UnsafeClaimsWithoutVerification(&extracted); err != nil {
 			s.metrics.failedTokenSigningCounter.Inc()
--- a/pkg/services/auth/idimpl/signer.go
+++ b/pkg/services/auth/idimpl/signer.go
@ -54,7 +54,10 @@ func (s *LocalSigner) getSigner(ctx context.Context) (jose.Signer, error) {
 	}

 	signer, err := jose.NewSigner(jose.SigningKey{Algorithm: jose.ES256, Key: key}, &jose.SignerOptions{
-		ExtraHeaders: map[jose.HeaderKey]any{headerKeyID: id},
+		ExtraHeaders: map[jose.HeaderKey]any{
+			headerKeyID:     id,
+			jose.HeaderType: "jwt",
+		},
 	})

 	if err != nil {