Skip to content

Add Support for JWT Files #102

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
danagarcia wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Add Support for JWT Files #102

danagarcia wants to merge 1 commit into from

Conversation

@danagarcia
Copy link

@danagarcia danagarcia commented Sep 8, 2025

Adds support for JWT files as per it's RFC, cited below.

Citations:
RFC7519: https://datatracker.ietf.org/doc/html/rfc7519#section-10.3.1

@abonander
Copy link
Owner

abonander commented Sep 9, 2025

There's no file extension explicitly registered there. Is .jwt something that's starting to appear in practice?

@danagarcia
Copy link
Author

danagarcia commented Sep 9, 2025

In instances where JSON Web Tokens have to be stored as a file it was preferred to use either .txt or .jwt. I don't think there is a standard in the RFC for it; however, .txt is very broad and doesn't allow for easily identifying the file by extension.

If it has to be in the RFC which I would understand given we have to hold some standard, then maybe this is a case where the PR would be rejected on that grounds. I understand either way.

@abonander
Copy link
Owner

abonander commented Sep 14, 2025

This isn't meant to be a prescriptive source. It isn't really the place to propose a new file extension. Even mime-db, which aggregates several sources, doesn't recognize any file extensions for JWTs: https://github.com/jshttp/mime-db/blob/80b4e6ee439509e9fac9ca3c6befd159519e7ccc/src/apache-types.json#L204

So I'm torn. It's the obvious choice for a file extension, sure, and file extensions have historically been assigned ad hoc anyway, but I've never seen an application store a plaintext JWT on-disk without any other context. It's usually in some sort of config file.

If you can cite any specific applications that do this and why, then sure. Otherwise, it doesn't really make sense to add here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@danagarcia @abonander