Re: New issue: Header type for JWT format values

Rory,

The current guidance is that all new HTTP fields are defined using structured field values.

Darrel

________________________________
From: Rory Hewitt <rory.hewitt@gmail.com>
Sent: Tuesday, July 22, 2025 5:06 PM
To: Atul Tulshibagwale <atul@sgnl.ai>
Cc: Amos Jeffries <squid3@treenet.co.nz>; ietf-http-wg@w3.org <ietf-http-wg@w3.org>
Subject: Re: New issue: Header type for JWT format values

You are correct - I meant the "Authorization" header - apologies for the confusion.

I guess my question is why you need to use a Structured Field at all - surely the server can define that it expects the field value to simply be the JWT?

Not all fields need to be structured - you can just use this format:

Txn-Token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.KMUFsIDTnFmyG3nMiGM6H9FNFUROf3wh7SmqJp-QV30

Received on Tuesday, 22 July 2025 21:14:33 UTC