From 4e6b3798ebb8a90ab9069972184bad197cede74a Mon Sep 17 00:00:00 2001
From: Zicchio <33022304+Zicchio@users.noreply.github.com>
Date: Fri, 25 Oct 2024 11:02:48 +0200
Subject: [PATCH 1/2] typ in req obj jwt

---
 docs/en/remote-flow.rst | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/en/remote-flow.rst b/docs/en/remote-flow.rst
index 07c28afde..ebce8aae7 100644
--- a/docs/en/remote-flow.rst
+++ b/docs/en/remote-flow.rst
@@ -240,7 +240,7 @@ where a non-normative example in the form of decoded header and payload is shown
 
   {
     "alg": "ES256",
-    "typ": "JWT",
+    "typ": "oauth-authz-req+jwt",
     "kid": "9tjiCaivhWLVUJ3AxwGGz_9",
     "trust_chain": [
       "MIICajCCAdOgAwIBAgIC...awz",
@@ -275,7 +275,7 @@ The JWS header parameters are described below:
   * - **alg**
     - Algorithm used to sign the JWT, according to [:rfc:`7516#section-4.1.1`]. It MUST be one of the supported algorithms in Section *Cryptographic Algorithms* and MUST NOT be set to ``none`` or to a symmetric algorithm (MAC) identifier.
   * - **typ**
-    - Media Type of the JWT, as defined in [:rfc:`7519`].
+    - Media Type of the JWT, as defined in [:rfc:`7519`] and [:rfc:`9101`]. It MUST be set to the value ``oauth-authz-req+jwt``.
   * - **kid**
     - Key ID of the public key needed to verify the JWS signature, as defined in [:rfc:`7517`]. REQUIRED when ``trust_chain`` is used.
   * - **trust_chain**

From 63c361b9c2fa40839aff49f3a9f4a46e0c5c63ca Mon Sep 17 00:00:00 2001
From: Giuseppe De Marco <giuseppe.demarco@teamdigitale.governo.it>
Date: Fri, 25 Oct 2024 16:19:35 +0200
Subject: [PATCH 2/2] Apply suggestions from code review

---
 docs/en/remote-flow.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/en/remote-flow.rst b/docs/en/remote-flow.rst
index ebce8aae7..cb7af52ae 100644
--- a/docs/en/remote-flow.rst
+++ b/docs/en/remote-flow.rst
@@ -275,7 +275,7 @@ The JWS header parameters are described below:
   * - **alg**
     - Algorithm used to sign the JWT, according to [:rfc:`7516#section-4.1.1`]. It MUST be one of the supported algorithms in Section *Cryptographic Algorithms* and MUST NOT be set to ``none`` or to a symmetric algorithm (MAC) identifier.
   * - **typ**
-    - Media Type of the JWT, as defined in [:rfc:`7519`] and [:rfc:`9101`]. It MUST be set to the value ``oauth-authz-req+jwt``.
+    - Media Type of the JWT, as defined in [:rfc:`7519`] and [:rfc:`9101`]. It SHOULD be set to the value ``oauth-authz-req+jwt``.
   * - **kid**
     - Key ID of the public key needed to verify the JWS signature, as defined in [:rfc:`7517`]. REQUIRED when ``trust_chain`` is used.
   * - **trust_chain**