Reason for "typ: jwt" requirement in jwt

While configuring jwt auth we noticed Jitsi requires the header to contain “typ: JWT”. This is optional in RFC 7519

The “typ” (type) Header Parameter defined by [JWS] and [JWE] is used
by JWT applications to declare the media type [IANA.MediaTypes] of
this complete JWT. This is intended for use by the JWT application
when values that are not JWTs could also be present in an application
data structure that can contain a JWT object; the application can use
this value to disambiguate among the different kinds of objects that
might be present. It will typically not be used by applications when
it is already known that the object is a JWT. This parameter is
ignored by JWT implementations; any processing of this parameter is
performed by the JWT application. If present, it is RECOMMENDED that
its value be “JWT” to indicate that this object is a JWT. While
media type names are not case sensitive, it is RECOMMENDED that “JWT”
always be spelled using uppercase characters for compatibility with
legacy implementations. Use of this Header Parameter is OPTIONAL.

Is this by design or are there any plans to deprecate or change this in the future?

Also, is it possible to ignore the “typ:” check in the Jitsi config?


It was introduced with this commit:

There is no config for this.

I guess, you can always patch it yourself jitsi-meet/luajwtjitsi.lib.lua at aeeca7c343d3e7a5c8c9e4bf422936c8ea4087fa · jitsi/jitsi-meet · GitHub