On Jan 19, 2023, at 2:50 PM, Mark Nottingham <mnot=40mnot....@dmarc.ietf.org> 
wrote:
> Ah, interesting. Token has a constraint on the first character -- it must be 
> a letter. Is that always the case for a JWT?

A JWT (JWS/JWE in compact serialization) should always start with “ey” due to 
the base64url encoding of the JSON object that forms its header. 

-David Waite (DW)
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

Reply via email to