need to set 'x5t' in header

[fipp]

Hi! I am creating a PHP application that will read/write to my organizations office 365 calendar's. In order to get a valid authentication token to use in the Calendar API, I need to do send a POST request to the token issuing authority, containing a JSON Web Token signed with a private x509 key. A certificate thumbprint of the public key needs to be set as the value of the x5t key in the JWT header, if not I'm getting the following error:

Invalid JWT token. No certificate thumbprint specified in token header.

Can I modify the headers with this library? I've checked, and I cannot find a way. If not, do you plan to support it?

[lcobucci]

Hey @fipp!

I was planning to add that kind of header in the next major release (along with JWK support #32) but I think that it's quite simple to implement that in v3.x.

The simplest solution that comes to me now is adding a method in Builder to configure token headers (something like setHeader(string $name, mixed $value):Builder and just changes the headers only if it's not signed).

Using JWK would be much easier since things would be validated on the key creation, but thats what we're able to do now.

Would you like to send a PR with something close to that (using the branch 3.1)?

[lcobucci]

Hey @fipp go and install v3.1.0 and you'll able to change the token using the setHeader() method on Builder.

[fipp]

Thank you very much, great work! Sorry that I couldn't get around to submitting a PR...