Hello,
We have deployed EHRBase with OAuth2 authentication. When making requests via Postman with an access token, we encounter the following error:
Bearer error="invalid_token", error_description="An error occurred while attempting to decode the Jwt: JOSE header typ (type) at+jwt not allowed", error_uri="https://tools.ietf.org/html/rfc6750#section-3.1"
Our Identity Provider (OP) is an on-prem installation of IdentityServer. Since this OP serves multiple downstream systems, we cannot change the global JWT generation settings (specifically the typ header) without impacting other integrations.
Is there a configuration setting in EHRBase to allow the "typ": "at+jwt" header (as per RFC 9068)? We’ve noted that other providers like Keycloak use this format by default.
Any guidance or workarounds would be greatly appreciated.
Thanks,
Fredrik
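An added example, not part of the original post and not EHRBase or IdentityServer code: it decodes the JOSE header of a token and applies a `typ` allowlist, so you can confirm what the OP emits and see why a verifier rejects `at+jwt`. The default allowlist (absent `typ` or `JWT`) is an assumption about the verifier that produces the error above. The sample token, issuer, audience and key id are constructed, and no signature verification is performed.

```python
import base64
import json

def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def jose_header(token: str) -> dict:
    """Return the decoded (unverified) JOSE header of a compact JWS."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected 3 dot-separated segments")
    header = json.loads(b64url_decode(parts[0]))
    if not isinstance(header, dict):
        raise ValueError("JOSE header is not a JSON object")
    return header

def normalize_typ(typ):
    """RFC 7515 4.1.9: compare case-insensitively; 'application/' may be omitted."""
    if typ is None:
        return None
    typ = str(typ).strip().lower()
    prefix = "application/"
    if typ.startswith(prefix) and "/" not in typ[len(prefix):]:
        typ = typ[len(prefix):]
    return typ

def typ_allowed(token: str, allowed) -> bool:
    """True if the token's typ header is in the allowlist (None = header absent)."""
    return normalize_typ(jose_header(token).get("typ")) in {normalize_typ(a) for a in allowed}

def make_sample_token(typ) -> str:
    # Constructed token for illustration only; the signature segment is a dummy.
    header = {"alg": "RS256", "kid": "constructed-key-1"}
    if typ is not None:
        header["typ"] = typ
    claims = {"iss": "https://idp.example.test", "aud": "ehrbase", "sub": "constructed-user"}
    segments = [json.dumps(header).encode(), json.dumps(claims).encode(), b"constructed-signature"]
    return ".".join(b64url_encode(s) for s in segments)

DEFAULT_TYPES = {None, "JWT"}            # assumed default: typ absent or "JWT"
RFC9068_TYPES = {None, "JWT", "at+jwt"}  # allowlist extended for RFC 9068 access tokens

if __name__ == "__main__":
    token = make_sample_token("at+jwt")
    print(jose_header(token))
    print("default allowlist:", typ_allowed(token, DEFAULT_TYPES))
    print("extended allowlist:", typ_allowed(token, RFC9068_TYPES))
```

Replace the constructed token with a real access token from the OP to check its `typ`; the header is readable without the signing key.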