Revert and retract typ check (#150)

errors.go

@@ -14,6 +14,7 @@ var (
 	ErrUnsupportedAlg = errors.New("algorithm is not supported")
 
 	// ErrNotJWTType indicates that JWT token type is not JWT.
+	// Deprecated: leftover after a wrong feature, present due to backward compatibility.
 	ErrNotJWTType = errors.New("token of not JWT type")
 
 	// ErrInvalidFormat indicates that token format is not valid.

go.mod

@@ -1,3 +1,8 @@
 module github.com/cristalhq/jwt/v5
 
 go 1.19
+
+retract (
+	v5.3.0 // check 'typ' is too strict.
+	v5.2.0 // check 'typ' is too strict.
+)

parse.go

@@ -4,17 +4,12 @@ import (
 	"bytes"
 	"encoding/base64"
 	"encoding/json"
-	"errors"
 )
 
 // Parse decodes a token and verifies it's signature.
 func Parse(raw []byte, verifier Verifier) (*Token, error) {
 	token, err := ParseNoVerify(raw)
 	if err != nil {
-		// See: https://github.com/cristalhq/jwt/issues/147
-		if errors.Is(err, ErrNotJWTType) {
-			return token, ErrNotJWTType
-		}
 		return nil, err
 	}
 	if err := verifier.Verify(token); err != nil {
@@ -82,10 +77,6 @@ func parse(token []byte) (*Token, error) {
 		header:    header,
 		claims:    claims,
 	}
-	if !constTimeEqual(tk.header.Type, "JWT") {
-		// See: https://github.com/cristalhq/jwt/issues/147
-		return tk, ErrNotJWTType
-	}
 	return tk, nil
 }
 

parse_test.go

@@ -49,17 +49,6 @@ func TestParseAnotherAlgorithm(t *testing.T) {
 	mustEqual(t, err, ErrAlgorithmMismatch)
 }
 
-func TestParseWrongType(t *testing.T) {
-	const tokenHS256 = `eyJhbGciOiJIUzI1NiIsInR5cCI6IkJPTUJPTSJ9.eyJqdGkiOiJqdXN0IGFuIGlkIiwiYXVkIjoiYXVkaWVuY2UifQ.t5oEdZGp0Qbth7lo5fZlV_o4-r9gMoYBSktXbarjWoo`
-	verifier := must(NewVerifierHS(HS256, []byte("key")))
-
-	token, err := Parse([]byte(tokenHS256), verifier)
-	mustEqual(t, err, ErrNotJWTType)
-	if token == nil {
-		t.Fatal()
-	}
-}
-
 func TestParseMalformed(t *testing.T) {
 	f := func(got string) {
 		t.Helper()