Possible errors in the Detached/Attached JWS examples

[alessandrodi]

Hello everyone!

Thank you very much for your efforts to write the GNAP Protocol. We are in the process of implementing it and, while we are testing our code using the examples in the specs, we might have found some discrepancies between the text written in the specs and what has been encoded in the examples.

The "Detached-JWS" header in https://datatracker.ietf.org/doc/html/draft-ietf-gnap-core-protocol-20#section-7.3.3-17 and the Attached JWS here https://datatracker.ietf.org/doc/html/draft-ietf-gnap-core-protocol-20#section-7.3.4-15 when decoded in www.jwt.io both have same header:

{
  "alg": "RS256",
  "created": 1618884475,
  "htm": "POST",
  "kid": "gnap-rsa",
  "typ": "gnap-binding+jwsd",
  "uri": "https://server.example.com/gnap"
}

I think since GNAP version 19 "typ" should not have "+", and more specifically for the Attached JWS the "typ" should be "gnap-binding-jws" (without "d" in the end).

Can you verify?

Best regards,

Alessandro

[jricher]

You are correct that the examples have the incorrect values. The JWT types were updated in a relatively late review #533, and the breaking change was announced to the list here https://mailarchive.ietf.org/arch/msg/txauth/tte1trURckR71vYvX5JUFpwQiQk/ -- it looks like we missed updating the encoded examples though, so good catch! We'll make sure the examples are re-generated during the RFC Editor review process.