This is an automated email from the ASF dual-hosted git repository. rnewson pushed a commit to branch jwtf-invalid-typ in repository https://gitbox.apache.org/repos/asf/couchdb.git
commit 4a15af46513401ebe818209301fbfa6c3a012bf8 Author: Robert Newson <[email protected]> AuthorDate: Fri Jan 16 14:22:08 2026 +0000 Tolerate invalid typ claim when not required NB The test causes an error at sig verification stage which comes after claim verification. closes: https://github.com/apache/couchdb/issues/5838
---
 src/jwtf/src/jwtf.erl | 3 ++-
 src/jwtf/test/jwtf_tests.erl | 9 +++++++++
 2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/src/jwtf/src/jwtf.erl b/src/jwtf/src/jwtf.erl
index 01f4be3cb..4c4a3e8ba 100644
--- a/src/jwtf/src/jwtf.erl
+++ b/src/jwtf/src/jwtf.erl
@@ -168,7 +168,8 @@ validate_typ(Props, Checks) ->
 Required = prop(typ, Checks),
 TYP = prop(<<"typ">>, Props),
 case {Required, TYP} of
- {undefined, undefined} ->
+ % ignore unrequired check
+ {undefined, _} ->
 ok;
 {true, undefined} ->
 throw({bad_request, <<"Missing typ header parameter">>});
diff --git a/src/jwtf/test/jwtf_tests.erl b/src/jwtf/test/jwtf_tests.erl
index f7f410e67..40b190f52 100644
--- a/src/jwtf/test/jwtf_tests.erl
+++ b/src/jwtf/test/jwtf_tests.erl
@@ -88,6 +88,15 @@ invalid_typ_test() ->
 jwtf:decode(Encoded, [typ], nil)
 ).
 
+ignored_typ_test() ->
+ Encoded = encode({[{<<"typ">>, <<"NOPE">>}]}, {[]}),
+ Ref = make_ref(),
+ KS = fun(_, _) -> throw(Ref) end,
+ ?assertEqual(
+ {error, Ref},
+ jwtf:decode(Encoded, [], KS)
+ ).
+
 missing_alg_test() ->
 Encoded = encode({[]}, []),
 ?assertEqual(
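Review bot: The new `{undefined, _}` clause in `validate_typ` accepts every typ value whenever `typ` is not listed in Checks, and the comment `% ignore unrequired check` does not state that consequence. Because the typ header is what lets a verifier turn away tokens of a different kind, I would spell it out in place, e.g. `% typ not listed in Checks: accept the header whatever typ holds (absent, not "JWT", or not a string); callers that must reject other token types have to request the typ check`. The case expression continues past the end of the hunk, so the remaining clauses for a required typ are not visible here.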
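Review bot: `ignored_typ_test` documents its expectation only in the commit message: it passes because the keystore fun throws `Ref`, and nothing in the test says why `{error, Ref}` is the success signal. A comment above the `KS` line such as `% key lookup happens after header validation, so getting Ref back shows typ <<"NOPE">> was not rejected` would keep that reasoning with the test. The case covers a binary typ only; a non-binary value would take the same `{undefined, _}` path in `validate_typ`, so a sibling assertion for it would pin that behaviour if it is intended.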
