JSON Web Token (JWT) Header
For a JWT object, the members of the JSON object represented by the JOSE Header describe the cryptographic operations applied to the JWT and optionally, additional properties of the JWT. Depending upon whether the JWT is a JWS or JWE, the corresponding rules for the JOSE Header values apply.
The RFC 7519 specification further specifies the use of the following Header Parameters in both the cases where the JWT is a JWS and where it is a JWE:
"typ" (type) Header Parameter: This Header Parameter is OPTIONAL. When used, this Header Parameter MUST be used to declare the MIME Media Type of this complete JWT. This parameter is ignored by JWT implementations; any processing of this parameter is performed by the JWT application. If present, it is RECOMMENDED that its value be "JWT" to indicate that this object is a JWT. While media type names are not case sensitive, it is RECOMMENDED that "JWT" always be spelled using uppercase characters for compatibility with legacy implementations.
"cty" (content type) Header Parameter: This Header Parameter is OPTIONAL. When used, this Header Parameter MUST be used to declare the MIME Media Type of the secured content (the payload). In the normal case in which nested signing or encryption operations are not employed, the use of this Header Parameter is NOT RECOMMENDED. In the case that nested signing or encryption is employed, this Header Parameter MUST be present; in this case, the value MUST be "JWT", to indicate that a Nested JWT is carried in this JWT. While media type names are not case sensitive, it is RECOMMENDED that "JWT" always be spelled using uppercase characters for compatibility with legacy implementations.