"Unexpected token algorithm" error when validating CloudFlare's JWT

[petersondmg]

Hello,
I'm trying to validate Cloudflare Zero Trust JWT, but I'm getting the error "jwt: unexpected token algorithm". Looking at the code, I think the problem is related to this line the compares the header, since the JWT from CF doesn't have the "typ" field.

The line:

jwt/token.go

Line 169 in d03e03a

return Base64Encode([]byte(`{"alg":"` + alg + `","typ":"JWT"}`))

Cloudflare doc: https://developers.cloudflare.com/cloudflare-one/identity/authorization-cookie/validating-json/

Thank you.

[ThinhNX]

Have you fixed this bug yet?
Im facing the same issue right now with an offline server and I dont have any solutions for it.

[borissov06]

This error also happens when the header contains a "kid" claim: the comparison only expects "alg" and "typ".