From 23c218918a10e79db43ea07f0c954e9103f81522 Mon Sep 17 00:00:00 2001
From: Mohamed Elhedi Ben Yedder <mohamedelhedi.benyedder@coachess.net>
Date: Thu, 26 Dec 2024 13:09:47 +0100
Subject: [PATCH] fix: update JWT 'typ' validation to handle missing claims
 gracefully

---
 authlib/oauth2/rfc9068/claims.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/authlib/oauth2/rfc9068/claims.py b/authlib/oauth2/rfc9068/claims.py
index 4dcfea8e..83c39ec5 100644
--- a/authlib/oauth2/rfc9068/claims.py
+++ b/authlib/oauth2/rfc9068/claims.py
@@ -30,7 +30,9 @@ def validate(self, **kwargs):
     def validate_typ(self):
         # The resource server MUST verify that the 'typ' header value is 'at+jwt'
         # or 'application/at+jwt' and reject tokens carrying any other value.
-        if self.header['typ'].lower() not in ('at+jwt', 'application/at+jwt'):
+        # 'typ' is not a required claim, so we don't raise an error if it's missing.
+        typ = self.header.get('typ')
+        if typ and typ.lower() not in ('at+jwt', 'application/at+jwt'):
             raise InvalidClaimError('typ')
 
     def validate_client_id(self):
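Review bot: The new guard `if typ and ...` in `validate_typ` lets a token through when the `typ` header is absent or empty, so the check no longer tells an RFC 9068 access token apart from any other JWT signed by the same issuer (an ID token, for example). RFC 9068 section 2.1 requires the issuer to set `typ` to `at+jwt`, and the comment kept just above says the resource server must reject other values, so a missing header should fail closed. A truthy non-string `typ` would also raise `AttributeError` from `.lower()` instead of `InvalidClaimError`. I would write the check as `if not isinstance(typ, str) or typ.lower() not in ('at+jwt', 'application/at+jwt'):` followed by `raise InvalidClaimError('typ')`. If tokens without `typ` from non-conforming issuers must be accepted, that should be an explicit opt-in rather than the default, and the added comment should call `typ` a header parameter rather than a claim.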