Is the JOSE Header a mandatory part of a JWT token

I am looking at adding JWT ability to a token generation system which is currently supporting SAML with our own signature and custom algorithm. In this case, should we always have the JOSE Header for the token or can we generate just the JWT with the Claims alone.

Solution

A JWT as sent on the wire in its compact serialized representation must always include a header, but if you don't sign the JWT, that header can be set to the base64encoded value of {"alg":"none"}.

However if you want to send it between two systems that you control and implement, you could only sent the payload JSON object, i.e. the JWT Claims Set. Of course you would then not be able to parse it using a JWT library, but you'd treat it like any other JSON object with a plain JSON parser.

Math.Sin() gives incorrect value
How to run my python script when the sunOS is start booting
Express-session: not resetting cookie expiration on each request
Getting a stack overflow exception when normalizing a vector
Edit default summary function in R gives error for multiple variables
What was a For loop? Why isn't it needed in R?
How to use download button in shiny and save results in various formats (csv, texte, pdf, spss...)?
Why are there two assignment operators, `<-` and `->` in R?
lm()$assign: what is it?
How to get the value of list(...) in R and S functions
Design matrix for MLM from library(lme4) with fixed and random effects
how to generate elements not included in my sample
Create a matrix with gradually changing values without a for loop
Emacs ESS and S-plus ( S+ ) 8.1 compatability
How to lag date-index in a time-series in R?
Nonlinear regression in R / S
Calling R from S-Plus?