Default header 'typ' breaking Apple JWT requests #1070

Open
colinferm opened this issue Aug 19, 2024 · 4 comments

Comments

@colinferm

In namespace Lcobucci\JWT\Token\Builder:23, there is the line:

private array $headers = ['typ' => 'JWT', 'alg' => null];

The header typ => JWT is breaking requests with Apple JWT requests (such as APNS or Apple Books API requests).

Can you either (a) make Builder non-final so it can be subclassed and this variable can be easily overwritten or (b) can you remove this header from the default array?

@Slamdunk
Collaborator

Hi, do you mind sharing the conflicting Apple JWTs as well as the code you use to handle those JWTs with this library?

@Ocramius
Collaborator

Have you tried ->withHeader('typ', 'something-else')? It is overwritten that way, AFAIK

public function withHeader(string $name, mixed $value): BuilderInterface
{
    $new = clone $this;
    $new->headers[$name] = $value;
    return $new;
}

@colinferm
Author

Yeah. Apple doesn't like the header type at all. It's dumb but it's Apple.

@lcobucci
Owner

We had other people using this library and successfully integrating with Apple (though I don't know details).

Do you have links to their documentation stating that they expect the header not to be defined?
Can it be a bug on their end instead?

Nevertheless, this library favours explicitness. That means ensuring that downstream has an object that is a JWT (not some other types defined by the RFC group).

At this point, I don't see a reason for changing the implementation.
You may create your own builder and make the (temporary or not) modifications you require for your use case.
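
The explicit-typing point above, seen from the receiving side, as an added example that is not part of the thread and is not lcobucci/jwt code: a receiver decodes the JOSE header and decides whether a missing or different `typ` is acceptable. The function names, the `ES256` value and the sample tokens are assumptions constructed for illustration, and no signature is verified here.

```php
<?php
declare(strict_types=1);
// Added illustration, not lcobucci/jwt code. Function names and sample
// tokens are constructed here; signatures are NOT verified in this sketch.

function b64url(string $raw): string
{
    return rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
}

/** Decode the JOSE header (first segment) of a compact-serialized token. */
function joseHeader(string $compact): array
{
    $segments = explode('.', $compact);
    if (count($segments) !== 3) {
        throw new InvalidArgumentException('expected three dot-separated segments');
    }
    $b64 = strtr($segments[0], '-_', '+/');
    $b64 .= str_repeat('=', (4 - strlen($b64) % 4) % 4); // restore stripped padding
    $json = base64_decode($b64, true);
    if ($json === false) {
        throw new InvalidArgumentException('header is not valid base64url');
    }
    $header = json_decode($json, true, 8, JSON_THROW_ON_ERROR);
    if (!is_array($header)) {
        throw new InvalidArgumentException('header did not decode to a JSON structure');
    }
    return $header;
}

/** True when `typ` names the expected media type (RFC 7515, section 4.1.9). */
function hasExpectedType(array $header, string $expected = 'JWT', bool $allowMissing = false): bool
{
    if (!array_key_exists('typ', $header)) {
        return $allowMissing; // the receiver decides whether an untyped token is acceptable
    }
    if (!is_string($header['typ'])) {
        return false;
    }
    // Media types compare case-insensitively; a value without '/' implies "application/".
    $norm = static fn (string $t): string => strtolower(str_contains($t, '/') ? $t : 'application/' . $t);
    return $norm($header['typ']) === $norm($expected);
}

// Constructed samples: the default `typ` with an assumed alg, one without `typ`, one of another type.
foreach ([['typ' => 'JWT', 'alg' => 'ES256'], ['alg' => 'ES256'], ['typ' => 'at+jwt', 'alg' => 'ES256']] as $h) {
    $hdr = joseHeader(b64url(json_encode($h)) . '.' . b64url('{}') . '.' . b64url('sig-placeholder'));
    printf("%-30s strict=%s lenient=%s\n", json_encode($h), json_encode(hasExpectedType($hdr)), json_encode(hasExpectedType($hdr, 'JWT', true)));
}
```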
