On Jan 19, 2023, at 2:50 PM, Mark Nottingham <mnot=40mnot....@dmarc.ietf.org> wrote:
> Ah, interesting. Token has a constraint on the first character -- it must be > a letter. Is that always the case for a JWT? A JWT (JWS/JWE in compact serialization) should always start with “ey” due to the base64url encoding of the JSON object that forms its header. -David Waite (DW) _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth