fix(jwt): no need to verify typ header value

#20

Author: lepture

src/joserfc/errors.py

@@ -118,10 +118,5 @@ class InvalidTokenError(JoseError):
     description = "The token is not valid yet"
 
 
-class InvalidTypeError(JoseError):
-    error = "invalid_type"
-    description = 'The "typ" value in header is invalid'
-
-
 class InvalidPayloadError(JoseError):
     error = "invalid_payload"

src/joserfc/jwt.py

@@ -13,7 +13,7 @@
     decrypt_compact,
 )
 from .jwk import KeyFlexible
-from .errors import InvalidTypeError, InvalidPayloadError
+from .errors import InvalidPayloadError
 from .util import to_bytes
 from .registry import Header
 
@@ -93,13 +93,7 @@ def decode(
     except (TypeError, ValueError):
         raise InvalidPayloadError()
 
-    token = Token(header, claims)
-    typ = token.header.get("typ")
-    # https://www.rfc-editor.org/rfc/rfc7519#section-5.1
-    # If present, it is RECOMMENDED that its value be "JWT".
-    if typ and typ != "JWT":
-        raise InvalidTypeError()
-    return token
+    return Token(header, claims)
 
 
 def _decode_jwe(

tests/jwt/test_jwt.py

@@ -3,7 +3,6 @@
 from joserfc.jwk import OctKey
 from joserfc.errors import (
     InvalidPayloadError,
-    InvalidTypeError,
     MissingClaimError,
 )
 
@@ -14,11 +13,6 @@ def test_invalid_payload(self):
         data = jws.serialize_compact({"alg": "HS256"}, b"hello", key)
         self.assertRaises(InvalidPayloadError, jwt.decode, data, key)
 
-    def test_invalid_type(self):
-        key = OctKey.import_key("secret")
-        data = jws.serialize_compact({"alg": "HS256", "typ": "JOSE"}, b'{"iss":"a"}', key)
-        self.assertRaises(InvalidTypeError, jwt.decode, data, key)
-
     def test_claims_registry(self):
         key = OctKey.import_key("secret")
         data = jwt.encode({"alg": "HS256"}, {"sub": "a"}, key)