New issue: Header type for JWT format values from Atul Tulshibagwale on 2025-07-21 (ietf-http-wg@w3.org from July to September 2025)

From: Atul Tulshibagwale <atul@sgnl.ai>
Date: Mon, 21 Jul 2025 11:28:18 -0700
To: ietf-http-wg@w3.org
Message-ID: <CANtBS9ftaWjWJhbJd6BqRT+en7GTw8WHdqrtZNqLgmv7yhdc1g@mail.gmail.com>

Hello,
We are currently working on a draft for Transaction Tokens
<https://datatracker.ietf.org/doc/draft-ietf-oauth-transaction-tokens/>,
which envisions a new HTTP Request Header called "Txn-Token"
<https://www.ietf.org/archive/id/draft-ietf-oauth-transaction-tokens-05.html#name-txn-token-http-header>.
The header value is expected to be a JWT.

We were debating (see comments here
<https://github.com/oauth-wg/oauth-transaction-tokens/pull/176> and the
attached screenshot) which HTTP Structured Header Type
<https://www.rfc-editor.org/rfc/rfc8941.html> would be appropriate for such
a value. We do not want to enclose the value in quotes, so the STRING type
cannot be used. The JWTs also might be a bit long (> 1024 bytes).

What is this group's guidance for proposals that want to add HTTP Headers
that have JWT as their values?

Thanks,
Atul

-- 

 Atul Tulshibagwale

 CTO

  <https://www.linkedin.com/in/tulshi/> <atul@sgnl.ai>

[image: image.png]

Attachments

image/png attachment: image.png

Received on Tuesday, 22 July 2025 08:35:12 UTC