Include typ in JWT protected header for client.grant() method

[jiawen-tw]

I am trying to implement the "private_key_jwt" flow for token endpoint. In the current implementation of client.grant(), the protected header is defaulted to {alg}. However, the OP I am integrating with enforces an additional field typ requirement.
When passing in client_assertion field into the client.grant() method's body parameter, it will get overwritten by the JWT that is generated by inside the method.

Some potential ideas:

1. Allow custom client_assertion value to take precedence when provided to the body field in client.grant()
2. Add the typ field in the protected header of the JWT generated inside client.grant() -> similar to the behaviour in client.requestObject() https://github.com/panva/node-openid-client/blob/47a549cb4e36ffe2ebfe2dc9d6b69a02643cc0a9/lib/client.js#L1508
3. Under extras in client.grant(), accept a new parameter clientAssertionHeader for extra parameters to be sent as part of JWT protected header, similar to the current behaviour for clientAssertionPayload

[benjosantony]

I am also facing a similar situation where my oidc provider is strict about the typ key in the header and thus failing to exchange token. @panva is there any change you can include the typ parameter in the header by default ? Or provide a way to customise the header keys ?

[panva]

What typ value is the provider requiring be present?

[jiawen-tw]

The provider currently checks for the existence of 'typin the header, and the default value it takes is 'JWT'. If possible, having the flexibility to provide the header parameters will be useful as the provider also recommends passing in an optionalkid` parameter for identifying the signing key used.