JWT returned by `Sessions.CreateSessionTokenAsync` lacks `azp` claim

[jfoshee]

When creating a Session Token using Sessions.CreateSessionTokenAsync, the JWT returned does not have an azp (authorized parties) claim.

This is likely because there is no Origin header associated with the request.

It's desirable for tokens to have the azp claim so that the application's backend can verify tokens in a consistent way.

Would it be possible to provide a way to specify the Origin as part of this request?
Or easily set common headers when constructing the ClerkBackendApi?

At this time, it seems I would need to implement ISpeakeasyHttpClient to accomplish this.

[logangingerich]

Hey @jfoshee , thanks again for reporting!

Let me circle back with the team on this one and will follow up ASAP on possible next steps.

In the meantime, we just released a new version with a number of updates. Would you mind testing v0.4.0 to confirm whether you see a difference in behavior?

[jfoshee]

I do not see a change in behavior in 0.5.0 (not too surprising, as the backend currently has no way of knowing what azp value to use).