JWT generator: wrong header key "type"

[tricki]

Checklist

• This can be reproduced in the quickstart sample application.
• I have reviewed the README.md and have not found a solution.
• I have reviewed the EXAMPLES.md and have not found a solution.
• I have searched previous issues and have not found a solution.
• I have searched the Auth0 Community and have not found a solution.
• I agree to adhere to the Auth0 General Contribution Guidelines.
• I agree to uphold the Auth0 Code of Conduct.

SDK Version

8.7

PHP Version

PHP 8.1

Description

I'm trying to use \Auth0\SDK\Token\Generator to generate a JWT (to return to an Action in Auth0) but kept getting this error:

Error: The session token is invalid: Unexpected token payload type

I solved it by manually adding "typ": "JWT" to the header. The Generator class instead adds a "type": "JWT" to the header. I suspect that should be changed to "typ".

Note: I'm using Auth0-PHP in a Laravel app through auth0/login, but am using Generator directly.

How can we reproduce this issue?

$token = \Auth0\SDK\Token\Generator::create(
    signingKey: 'MY_SECRET',
    algorithm: Token::ALGO_HS256,
    claims: [
        // ...
    ],
    headers: ['typ' => 'JWT'], // this line makes the token valid
);

[evansims]

Good catch; thanks for reporting this! I've created a PR fixing the issue. I'll merge and release the fix once our team has an opportunity to review the changes.