From c4267cc655bc2721d846c98f8a40640d1a12e9ad Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Fri, 4 Sep 2020 15:30:12 +0200 Subject: [PATCH] refactor: removed `nonce` option from `JWT.sign` BREAKING CHANGE: `JWT.sign` function options no longer accept a `nonce` property. To create a JWT with a `nonce` just pass the value to the payload. --- docs/README.md | 2 -- lib/jwt/sign.js | 6 ++---- test/jwt/sign.test.js | 7 ------- types/index.d.ts | 1 - 4 files changed, 2 insertions(+), 14 deletions(-) diff --git a/docs/README.md b/docs/README.md index e03f96ac15..5d31cff7c3 100644 --- a/docs/README.md +++ b/docs/README.md @@ -857,8 +857,6 @@ that will be used to sign with is either provided as part of the 'options.algori - `jti`: `` JWT ID, "jti" claim value, if provided it will replace "jti" found in the payload - `kid`: `` When true it pushes the key's "kid" to the JWT Header. **Default:** 'true' for asymmetric keys, 'false' for symmetric keys. - - `nonce`: `` ID Token Nonce, "nonce" claim value, if provided it will replace "nonce" - found in the payload. See [OpenID Connect Core 1.0][connect-core] for details. - `notBefore`: `` JWT Not Before, "nbf" claim value, specified as string which is added to the current unix epoch timestamp e.g. `24 hours`, `20 m`, `60s`, etc., if provided it will replace Not Before found in the payload diff --git a/lib/jwt/sign.js b/lib/jwt/sign.js index 2f81142f4d..5f3416ae4c 100644 --- a/lib/jwt/sign.js +++ b/lib/jwt/sign.js @@ -36,7 +36,6 @@ const validateOptions = (options) => { isString(options.expiresIn, 'options.expiresIn') isString(options.notBefore, 'options.notBefore') isString(options.jti, 'options.jti') - isString(options.nonce, 'options.nonce') if (options.now !== undefined && (!(options.now instanceof Date) || !options.now.getTime())) { throw new TypeError('options.now must be a valid Date object') 
@@ -50,11 +49,11 @@ module.exports = (payload, key, options = {}) => { const { algorithm, audience, expiresIn, header = {}, iat = true, - issuer, jti, kid = true, nonce, notBefore, subject, now + issuer, jti, kid = true, notBefore, subject, now } = options validateOptions({ - algorithm, audience, expiresIn, header, iat, issuer, jti, kid, nonce, notBefore, now, subject + algorithm, audience, expiresIn, header, iat, issuer, jti, kid, notBefore, now, subject }) if (!isObject(payload)) { @@ -73,7 +72,6 @@ module.exports = (payload, key, options = {}) => { iss: issuer || payload.iss, jti: jti || payload.jti, iat: iat ? unix : payload.iat, - nonce: nonce || payload.nonce, exp: expiresIn ? unix + secs(expiresIn) : payload.exp, nbf: notBefore ? unix + secs(notBefore) : payload.nbf } diff --git a/test/jwt/sign.test.js b/test/jwt/sign.test.js index 78d9f65d48..6de1f51d6d 100644 --- a/test/jwt/sign.test.js +++ b/test/jwt/sign.test.js @@ -24,7 +24,6 @@ test('options.algorithm must be string', string, 'algorithm') test('options.expiresIn must be string', string, 'expiresIn') test('options.issuer must be string', string, 'issuer') test('options.jti must be string', string, 'jti') -test('options.nonce must be string', string, 'nonce') test('options.notBefore must be string', string, 'notBefore') test('options.subject must be string', string, 'subject') @@ -142,12 +141,6 @@ test('options.iat', t => { t.is(decoded.iat, epoch) }) -test('options.nonce', t => { - const nonce = 'foo' - const { nonce: pNonce } = JWT.decode(JWT.sign({ nonce: 'bar' }, key, { nonce })) - t.is(pNonce, nonce) -}) - test('options.audience', t => { const audience = 'foo' const { aud } = JWT.decode(JWT.sign({}, key, { audience })) diff --git a/types/index.d.ts b/types/index.d.ts index 3c02c9ac5f..1eaf284183 100644 --- a/types/index.d.ts +++ b/types/index.d.ts @@ -471,7 +471,6 @@ export namespace JWT { expiresIn?: string; notBefore?: string; jti?: string; - nonce?: string; now?: Date; }
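Review bot: A caller that still passes `options.nonce` is silently ignored after this change, in the `module.exports` hunk of lib/jwt/sign.js: the destructuring `const { algorithm, …, now } = options` drops the key and `validateOptions` only receives the listed names, so no error is raised and the token is signed without the caller's intended nonce. Because the nonce is what binds an ID Token to its authentication request, an upgrade that misses this yields tokens that either fail the relying party's nonce check or, where that check is lax, lose replay protection. I would fail closed before the `validateOptions` call with `if (options.nonce !== undefined) throw new TypeError('options.nonce is no longer supported, pass "nonce" in the payload')`. The `isString(options.nonce, 'options.nonce')` check removed in the `validateOptions` hunk also has no visible replacement for `payload.nonce`, and the deleted `options.nonce` test is not replaced by one asserting that a payload `nonce` survives signing; both would be worth adding. The function body continues outside the hunk, so how `payload` is merged into the claims is not visible here.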