From 51040e82b6f719f09a0edcb386efd160044fe352 Mon Sep 17 00:00:00 2001
From: arthurchan35
Date: Fri, 19 Aug 2022 22:23:20 +0800
Subject: [PATCH] specs says type in header should at+jwt
---
 .../oauth2/provider/AbstractOAuthDataProvider.java | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
index eca4d18e881..a24048f01aa 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
@@ -27,6 +27,7 @@ import jakarta.ws.rs.core.MultivaluedMap;
 import org.apache.cxf.jaxrs.ext.MessageContext;
 import org.apache.cxf.rs.security.jose.common.JoseConstants;
+import org.apache.cxf.rs.security.jose.jws.JwsHeaders;
 import org.apache.cxf.rs.security.jose.jwt.JwtClaims;
 import org.apache.cxf.rs.security.jose.jwt.JwtConstants;
 import org.apache.cxf.rs.security.jose.jwt.JwtToken;
@@ -646,7 +647,12 @@ protected String processJwtAccessToken(JwtClaims jwtCliams) {
 // It will JWS-sign (default) and/or JWE-encrypt
 OAuthJoseJwtProducer processor = getJwtAccessTokenProducer() == null ? new OAuthJoseJwtProducer() : getJwtAccessTokenProducer();
- return processor.processJwt(new JwtToken(jwtCliams));
+
+ JwsHeaders jwsHeaders = new JwsHeaders();
+
+ jwsHeaders.setHeader("typ", "at+jwt");
+
+ return processor.processJwt(new JwtToken(jwsHeaders, jwtCliams));
 }
 public Map getJwtAccessTokenClaimMap() {
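Review bot: In the second hunk (`processJwtAccessToken`), `typ` is stamped only at issuance, and this one-file patch adds no matching check on the validating side. The header stops an ID token or other JWT being accepted as an access token only if the resource server rejects any `typ` other than `at+jwt`, so that check should be confirmed or added alongside. The value is also placed on `JwsHeaders` alone, so if the producer is configured to JWE-encrypt without signing (the comment above the call allows "and/or") it may never reach the emitted token; a test covering both modes would settle that. I would replace the literal key with the constant from the already-imported class and record the reason, e.g. `// RFC 9068: typ "at+jwt" marks this JWT as an access token` above `jwsHeaders.setHeader(JoseConstants.HEADER_TYPE, "at+jwt");`. Every issued token changes with no opt-out, so consumers that pin `typ` to `JWT` may start rejecting them.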