aud_header and scope on devise-jwt

[sardaukar]

(the New Issue button took me here from devise-jwt, hope this question makes sense here)

If I understand correctly, for JWTs to be valid with the devise-jwt plugin, I need to send the token itself on a header, and another header specifying the aud claim value that is to be valid? The README seems to imply it's optional ("If you don't want to differentiate between clients, you don't need to provide that header.") but if it's not provided, the check in lib/warden/jwt_auth/user_decoder.rb:44 will always fail - right? I'd really like to not need this second header.

Same for the scp claim, is there a way for it to be optional and always default to :user_account? (line 43 of the same file).

I'm trying to consume tokens generated outside of Rails. Thanks!

[jarednorman]

Sorry, this is not the right place for this question.

@waiting-for-dev I don't think the devise-jwt "New Issue" button should come here.

[waiting-for-dev]

This is pretty weird. Issues for devise-jwt always went to, surprise, devise-jwt. I haven't changed anything around that and I don't know if that's even possible 🤔