This is a patch release of IdentityServer that fixes a bug where a private_key_jwt client authentication token would be rejected if it had no typ header, even if strict validation of such tokens was not enabled.
What's Changed
- Handle no typ in private_key_jwt authentication by @josephdecock in #1965