PrivateKeyJWT.headers field is not passed to private_key_jwt_sign function call in PrivateKeyJWT.sign method

[lycantropos]

Describe the bug

In commit 49c5556d8b2c7e4b8939e502fefd816bf766dfc3 headers parameter got re-introduced (previously known as header) and it is passed to client_secret_jwt_sign function call in ClientSecretJWT.sign method, but it is not passed to private_key_jwt_sign function call in PrivateKeyJWT.sign method, why is it so?

Also both client_secret_jwt_sign & private_key_jwt_sign eventually call sign_jwt_bearer_assertion which doesn't have headers parameter, but only header, so it looks to be skipped, is it expected?

Expected behavior

headers parameter is passed to private_key_jwt_sign function call in PrivateKeyJWT.sign method

class PrivateKeyJWT(ClientSecretJWT):
    ...
    def sign(self, auth, token_endpoint):
        return private_key_jwt_sign(
            auth.client_secret,
            client_id=auth.client_id,
            token_endpoint=token_endpoint,
            claims=self.claims,
            header=self.headers,
            alg=self.alg,
        )

Environment:

• OS: OS-independent
• Python Version: Python-independent
• Authlib Version: 1.2.0

[dhallam]

@lepture #552 is ready for review.

[jmacdone]

I was going nuts trying to add a x5t header for https://learn.microsoft.com/en-us/azure/active-directory/develop/certificate-credentials#assertion-format until I found this. I'm happy to see a PR ready for it. 👀

[jmacdone]

FWIW, @dhallam's #552 is working for me. With pip install git+https://github.com/dhallam/authlib@bug/515-rfc7523-apply-headers-while-signing I was finally able to get my access_token.

[lepture]

#552 is merged.