htm
Registry Context
`htm` is the DPoP proof claim containing the HTTP method of the request to which the proof is attached.
Technical Summary
In a DPoP proof JWT, `htm` identifies the HTTP method of the attached request. The payload must contain this claim, and the receiving server must verify that it matches the current request's HTTP method.
When Used
Used in DPoP proof JWTs attached to HTTP requests.
Normative Requirements
Servers
RFC 9449 - Section 4.3
ensure that the JWT contains all claims required by Section 4.2, including `htm`.
Condition: when validating a DPoP proof
To validate a DPoP proof, the receiving server MUST ensure ... All required claims per Section 4.2 are contained in the JWT.
RFC 9449 - Section 4.3
ensure that the `htm` claim matches the HTTP method of the current request.
Condition: when validating a DPoP proof
To validate a DPoP proof, the receiving server MUST ensure ... The htm claim matches the HTTP method of the current request.
DPoP proof JWT payload
RFC 9449 - Section 4.2
contain the `htm` claim.
The payload of a DPoP proof MUST contain at least the following claims: ... htm
Validation Guidance
Reject a DPoP proof if its payload does not include `htm`.
Reject a DPoP proof if `htm` does not match the HTTP method of the current request.
Reference
Details
- Entry Id
htm- Claim Name
htm- Claim Description
The HTTP method of the request- Change Controller
IETF- Reference
RFC9449 - Section 4.2