		@@ -6,2 +6,150 @@ # Change Log

		## 6.0.0 - 2016-04-27

		- Change .sign to standard async callback ([50873c7d45d2733244d5da8afef3d1872e657a60](https://github.com/auth0/node-jsonwebtoken/commit/50873c7d45d2733244d5da8afef3d1872e657a60))
		- Improved the options for the `sign` method ([53c3987b3cc34e95eb396b26fc9b051276e2f6f9](https://github.com/auth0/node-jsonwebtoken/commit/53c3987b3cc34e95eb396b26fc9b051276e2f6f9))

		- `expiresInMinutes` and `expiresInSeconds` are deprecated and no longer supported.
		- `notBeforeInMinutes` and `notBeforeInSeconds` are deprecated and no longer supported.
		- `options` are strongly validated.
		- `options.expiresIn`, `options.notBefore`, `options.audience`, `options.issuer`, `options.subject` and `options.jwtid` are mutually exclusive with `payload.exp`, `payload.nbf`, `payload.aud`, `payload.iss`
		- `options.algorithm` is properly validated.
		- `options.headers` is renamed to `options.header`.

		- update CHANGELOG to reflect most of the changes. closes #136 ([b87a1a8d2e2533fbfab518765a54f00077918eb7](https://github.com/auth0/node-jsonwebtoken/commit/b87a1a8d2e2533fbfab518765a54f00077918eb7)), closes [#136](https://github.com/auth0/node-jsonwebtoken/issues/136)
		- update readme ([53a88ecf4494e30e1d62a1cf3cc354650349f486](https://github.com/auth0/node-jsonwebtoken/commit/53a88ecf4494e30e1d62a1cf3cc354650349f486))

		## 5.7.0 - 2016-02-16


		- add support for validating multiples issuers. closes #163 ([39d9309ae05648dbd72e5fd1993df064ad0e8fa5](https://github.com/auth0/node-jsonwebtoken/commit/39d9309ae05648dbd72e5fd1993df064ad0e8fa5)), closes [#163](https://github.com/auth0/node-jsonwebtoken/issues/163)


		## 5.6.1 - 2016-02-16


		- 5.6.1 ([06d8209d499dbc9a8dd978ab6cbb9c6818fde203](https://github.com/auth0/node-jsonwebtoken/commit/06d8209d499dbc9a8dd978ab6cbb9c6818fde203))
		- fix wrong error when setting expiration on non-object payload. closes #153 ([7f7d76edfd918d6afc7c7cead888caa42ccaceb4](https://github.com/auth0/node-jsonwebtoken/commit/7f7d76edfd918d6afc7c7cead888caa42ccaceb4)), closes [#153](https://github.com/auth0/node-jsonwebtoken/issues/153)



		## 5.6.0 - 2016-02-16


		- added missing validations of sub and jti ([a1affe960d0fc52e9042bcbdedb65734f8855580](https://github.com/auth0/node-jsonwebtoken/commit/a1affe960d0fc52e9042bcbdedb65734f8855580))
		- Fix tests in jwt.rs.tests.js which causes 4 to fail ([8aedf2b1f575b0d9575c1fc9f2ac7bc868f75ff1](https://github.com/auth0/node-jsonwebtoken/commit/8aedf2b1f575b0d9575c1fc9f2ac7bc868f75ff1))
		- Update README.md ([349b7cd00229789b138928ca060d3ef015aedaf9](https://github.com/auth0/node-jsonwebtoken/commit/349b7cd00229789b138928ca060d3ef015aedaf9))



		## 5.5.4 - 2016-01-04


		- minor ([46552e7c45025c76e3f647680d7539a66bfac612](https://github.com/auth0/node-jsonwebtoken/commit/46552e7c45025c76e3f647680d7539a66bfac612))



		## 5.5.3 - 2016-01-04


		- add a console.warn on invalid options for string payloads ([71200f14deba0533d3261266348338fac2d14661](https://github.com/auth0/node-jsonwebtoken/commit/71200f14deba0533d3261266348338fac2d14661))
		- minor ([65b1f580382dc58dd3da6f47a52713776fd7cdf2](https://github.com/auth0/node-jsonwebtoken/commit/65b1f580382dc58dd3da6f47a52713776fd7cdf2))



		## 5.5.2 - 2016-01-04


		- fix signing method with sealed objects, do not modify the params object. closes #147 ([be9c09af83b09c9e72da8b2c6166fa51d92aeab6](https://github.com/auth0/node-jsonwebtoken/commit/be9c09af83b09c9e72da8b2c6166fa51d92aeab6)), closes [#147](https://github.com/auth0/node-jsonwebtoken/issues/147)



		## 5.5.1 - 2016-01-04


		- fix nbf verification. fix #152 ([786d37b299c67771b5e71a2ca476666ab0f97d98](https://github.com/auth0/node-jsonwebtoken/commit/786d37b299c67771b5e71a2ca476666ab0f97d98)), closes [#152](https://github.com/auth0/node-jsonwebtoken/issues/152)



		## 5.5.0 - 2015-12-28


		- improvements to nbf and jti claims ([46372e928f6d2e7398f9b88022ca617d2a3b0699](https://github.com/auth0/node-jsonwebtoken/commit/46372e928f6d2e7398f9b88022ca617d2a3b0699))
		- Remove duplicate payload line (fix bug in IE strict mode) ([8163d698e0c5ad8c44817a5dcd42a15d7e9c6bc8](https://github.com/auth0/node-jsonwebtoken/commit/8163d698e0c5ad8c44817a5dcd42a15d7e9c6bc8))
		- Remove duplicate require('ms') line ([7c00bcbcbf8f7503a1070b394a165eccd41de66f](https://github.com/auth0/node-jsonwebtoken/commit/7c00bcbcbf8f7503a1070b394a165eccd41de66f))
		- Update README to reflect addition of async sign ([d661d4b6f68eb417834c99b36769444723041ccf](https://github.com/auth0/node-jsonwebtoken/commit/d661d4b6f68eb417834c99b36769444723041ccf))



		## 5.4.0 - 2015-10-02


		- deprecate expireInMinutes and expireInSeconds - in favor of expiresIn ([39ecc6f8f310f8462e082f1d53de0b4222b29b6f](https://github.com/auth0/node-jsonwebtoken/commit/39ecc6f8f310f8462e082f1d53de0b4222b29b6f))


		## 5.3.0 - 2015-10-02


		- 5.3.0 ([5d559ced3fbf10c1adae2e5792deda06ea89bcd3](https://github.com/auth0/node-jsonwebtoken/commit/5d559ced3fbf10c1adae2e5792deda06ea89bcd3))
		- minor ([6e81ff87a3799b0e56db09cbae42a97e784716c4](https://github.com/auth0/node-jsonwebtoken/commit/6e81ff87a3799b0e56db09cbae42a97e784716c4))



		## 5.1.0 - 2015-10-02


		- added async signing ([9414fbcb15a1f9cf4fe147d070e9424c547dabba](https://github.com/auth0/node-jsonwebtoken/commit/9414fbcb15a1f9cf4fe147d070e9424c547dabba))
		- Update README.md ([40b2aaaa843442dfb8ee7b574f0a788177e7c904](https://github.com/auth0/node-jsonwebtoken/commit/40b2aaaa843442dfb8ee7b574f0a788177e7c904))



		## 5.0.5 - 2015-08-19


		- add ms dep to package.json ([f13b3fb7f29dff787e7c91ebe2eb5adeeb05f251](https://github.com/auth0/node-jsonwebtoken/commit/f13b3fb7f29dff787e7c91ebe2eb5adeeb05f251))
		- add note to explain, related to #96 #101 #6 ([dd8969e0e6ed0bcb9cae905d2b1a96476bd85da3](https://github.com/auth0/node-jsonwebtoken/commit/dd8969e0e6ed0bcb9cae905d2b1a96476bd85da3))
		- add tests for options.headers ([7787dd74e705787c39a871ca29c75a2e0a3948ac](https://github.com/auth0/node-jsonwebtoken/commit/7787dd74e705787c39a871ca29c75a2e0a3948ac))
		- add tests for verify expires ([d7c5793d98c300603440ab460c11665f661ad3a0](https://github.com/auth0/node-jsonwebtoken/commit/d7c5793d98c300603440ab460c11665f661ad3a0))
		- add verify option maxAge (with tests) ([49d54e54f7e70b1c53a2e4ee67e116c907d75319](https://github.com/auth0/node-jsonwebtoken/commit/49d54e54f7e70b1c53a2e4ee67e116c907d75319))
		- fix spelling error in error message ([8078b11b224fa05ac9003ca5aa2c85e9f0128cfb](https://github.com/auth0/node-jsonwebtoken/commit/8078b11b224fa05ac9003ca5aa2c85e9f0128cfb))
		- Fix typo options.header is not a documented option + ([5feaa5b962ccbddeff054817a410f7b0c1e6ce7f](https://github.com/auth0/node-jsonwebtoken/commit/5feaa5b962ccbddeff054817a410f7b0c1e6ce7f))
		- update JWT spec link. closes #112 ([f5fa50f797456a12240589161835c7ea30807195](https://github.com/auth0/node-jsonwebtoken/commit/f5fa50f797456a12240589161835c7ea30807195)), closes [#112](https://github.com/auth0/node-jsonwebtoken/issues/112)


		## 5.0.3 - 2015-07-15

		- Added nbf support ([f26ba4e2fa197a20497632b63ffcd13ae93aacc4](https://github.com/auth0/node-jsonwebtoken/commit/f26ba4e2fa197a20497632b63ffcd13ae93aacc4))
		- Added support for subject and jwt id ([ab76ec5bc554e2d1e25376ddb7cea711d86af651](https://github.com/auth0/node-jsonwebtoken/commit/ab76ec5bc554e2d1e25376ddb7cea711d86af651))
		- Fix `this` referring to the global object instead of `module.exports` in `verify()` ([93f554312e37129027fcf4916f48cb8d1b53588c](https://github.com/auth0/node-jsonwebtoken/commit/93f554312e37129027fcf4916f48cb8d1b53588c))
		- Fix typo, line 139 README, complete option for .decode. ([59c110aeb8c7c1847ef2ffd77702d13627c89e10](https://github.com/auth0/node-jsonwebtoken/commit/59c110aeb8c7c1847ef2ffd77702d13627c89e10))
		- minor ([61ff1172272b582902313e958058ff22413494af](https://github.com/auth0/node-jsonwebtoken/commit/61ff1172272b582902313e958058ff22413494af))



		## 5.0.2 - 2015-06-15


		- fix typo in docs . closes #86 ([3d3413221f36acef4dfd1cbed87f1f3565cd6f84](https://github.com/auth0/node-jsonwebtoken/commit/3d3413221f36acef4dfd1cbed87f1f3565cd6f84)), closes [#86](https://github.com/auth0/node-jsonwebtoken/issues/86)



		## 5.0.1 - 2015-05-15


		- Add option to return header and payload when decoding. ([7254e011b59f892d1947e6c11819281adac7069d](https://github.com/auth0/node-jsonwebtoken/commit/7254e011b59f892d1947e6c11819281adac7069d))
		- Avoid uncaught "SyntaxError: Unexpected token ͧ" error. ([0dc59cd6ee15d83a606acffa7909ee76176ae186](https://github.com/auth0/node-jsonwebtoken/commit/0dc59cd6ee15d83a606acffa7909ee76176ae186))
		- Document complete option in README. ([ec32b20241a74d9681ea26e1a7024b4642468c00](https://github.com/auth0/node-jsonwebtoken/commit/ec32b20241a74d9681ea26e1a7024b4642468c00))
		- Fix example in README, silence verbose logging. ([ba3174d10033c41e9c211a38f1cc67f74fbd7f69](https://github.com/auth0/node-jsonwebtoken/commit/ba3174d10033c41e9c211a38f1cc67f74fbd7f69))
		- Fix link to auth0.com in README ([1b3c5ff72c9bc25e9271646e679f3080f2a042a0](https://github.com/auth0/node-jsonwebtoken/commit/1b3c5ff72c9bc25e9271646e679f3080f2a042a0))
		- Immediate return if not decoded. ([851bda2b10168f3269c3da6e74d310742f31a193](https://github.com/auth0/node-jsonwebtoken/commit/851bda2b10168f3269c3da6e74d310742f31a193))
		- Prevent throw on undefined/null secret ([0fdf78d4dbf609455f3277d6169a987aef0384d4](https://github.com/auth0/node-jsonwebtoken/commit/0fdf78d4dbf609455f3277d6169a987aef0384d4))
		- Removed path from test ([d6240e24186732d368bffe21143becf44c38f0d6](https://github.com/auth0/node-jsonwebtoken/commit/d6240e24186732d368bffe21143becf44c38f0d6))
		- Simplified checking for missing key ([f1cffd033bffc44f20558eda4a797c3fa2f4ee05](https://github.com/auth0/node-jsonwebtoken/commit/f1cffd033bffc44f20558eda4a797c3fa2f4ee05))
		- Typo ([ffe68dbe0219bab535c1018448eb4c0b22f1f902](https://github.com/auth0/node-jsonwebtoken/commit/ffe68dbe0219bab535c1018448eb4c0b22f1f902))
		- Update CHANGELOG.md ([927cce0dad1bc9aad75aeef53e276cf4cfc0d776](https://github.com/auth0/node-jsonwebtoken/commit/927cce0dad1bc9aad75aeef53e276cf4cfc0d776))
		- Update CHANGELOG.md ([6879e0fdde222995c70a3a69a4af94993d9c667e](https://github.com/auth0/node-jsonwebtoken/commit/6879e0fdde222995c70a3a69a4af94993d9c667e))
		- Update CHANGELOG.md ([c5596c10e8705727fa13e0394184a606083078bc](https://github.com/auth0/node-jsonwebtoken/commit/c5596c10e8705727fa13e0394184a606083078bc))
		- Update CHANGELOG.md ([07541f0315f26d179e1cde92732b6124d6869b6f](https://github.com/auth0/node-jsonwebtoken/commit/07541f0315f26d179e1cde92732b6124d6869b6f))
		- Update CHANGELOG.md ([e6465d48ddd1dc2c3297229b28c78fd5490a2ba9](https://github.com/auth0/node-jsonwebtoken/commit/e6465d48ddd1dc2c3297229b28c78fd5490a2ba9))

		## [5.0.0] - 2015-04-11
		@@ -21,6 +169,6 @@

		- [verify] Update to jws@^3.0.0 and renaming `header.alg` mismatch exception to `invalid algorithm` and adding more mismatch tests.

		- [verify] Update to jws@^3.0.0 and renaming `header.alg` mismatch exception to `invalid algorithm` and adding more mismatch tests.

		As `jws@3.0.0` changed the verify method signature to be `jws.verify(signature, algorithm, secretOrKey)`, the token header must be decoded first in order to make sure that the `alg` field matches one of the allowed `options.algorithms`. After that, the now validated `header.alg` is passed to `jws.verify`


		As the order of steps has changed, the error that was thrown when the JWT was invalid is no longer the `jws` one:
		@@ -32,3 +180,3 @@ ```
		That old error (removed from jws) has been replaced by a `JsonWebTokenError` with message `invalid token`.


		> Important: versions >= 4.2.2 this library are safe to use but we decided to deprecate everything `< 5.0.0` to prevent security warnings from library `node-jws` when doing `npm install`.
		@@ -62,5 +210,5 @@
		When the verification part was expecting a token digitally signed with an asymmetric key (RS/ES family) of algorithms an attacker could send a token signed with a symmetric algorithm (HS* family).


		The issue was caused because the same signature was used to verify both type of tokens (`verify` method parameter: `secretOrPublicKey`).


		This change adds a new parameter to the verify called `algorithms`. This can be used to specify a list of supported algorithms, but the default value depends on the secret used: if the secretOrPublicKey contains the string `BEGIN CERTIFICATE` the default is `[ 'RS256','RS384','RS512','ES256','ES384','ES512' ]` otherwise is `[ 'HS256','HS384','HS512' ]`. (`jfromaniello`)
		@@ -67,0 +215,0 @@ https://github.com/auth0/node-jsonwebtoken/commit/c2bf7b2cd7e8daf66298c2d168a008690bc4bdd3

103

index.js

		var jws = require('jws');
		var ms = require('ms');
		var timespan = require('./lib/timespan');
		var xtend = require('xtend');

		var JWT = module.exports;
		@@ -41,102 +38,4 @@

		var payload_options = [
		'expiresIn',
		'notBefore',
		'expiresInMinutes',
		'expiresInSeconds',
		'audience',
		'issuer',
		'subject',
		'jwtid'
		];
		JWT.sign = require('./sign');

		JWT.sign = function(payload, secretOrPrivateKey, options, callback) {
		options = options \|\| {};
		var header = {};

		if (typeof payload === 'object') {
		header.typ = 'JWT';
		payload = xtend(payload);
		} else {
		var invalid_option = payload_options.filter(function (key) {
		return typeof options[key] !== 'undefined';
		})[0];

		if (invalid_option) {
		console.warn('invalid "' + invalid_option + '" option for ' + (typeof payload) + ' payload');
		}
		}


		header.alg = options.algorithm \|\| 'HS256';

		if (options.headers) {
		Object.keys(options.headers).forEach(function (k) {
		header[k] = options.headers[k];
		});
		}

		var timestamp = Math.floor(Date.now() / 1000);
		if (!options.noTimestamp) {
		payload.iat = payload.iat \|\| timestamp;
		}

		if (typeof options.notBefore !== 'undefined') {
		payload.nbf = timespan(options.notBefore);
		if (typeof payload.nbf === 'undefined') {
		throw new Error('"notBefore" should be a number of seconds or string representing a timespan eg: "1d", "20h", 60');
		}
		}

		if (options.expiresInSeconds \|\| options.expiresInMinutes) {
		var deprecated_line;
		try {
		deprecated_line = /.\((.)\).*/.exec((new Error()).stack.split('\n')[2])[1];
		} catch(err) {
		deprecated_line = '';
		}

		console.warn('jsonwebtoken: expiresInMinutes and expiresInSeconds is deprecated. (' + deprecated_line + ')\n' +
		'Use "expiresIn" expressed in seconds.');

		var expiresInSeconds = options.expiresInMinutes ?
		options.expiresInMinutes * 60 :
		options.expiresInSeconds;

		payload.exp = timestamp + expiresInSeconds;
		} else if (typeof options.expiresIn !== 'undefined' && typeof payload === 'object') {
		payload.exp = timespan(options.expiresIn);
		if (typeof payload.exp === 'undefined') {
		throw new Error('"expiresIn" should be a number of seconds or string representing a timespan eg: "1d", "20h", 60');
		}
		}

		if (options.audience)
		payload.aud = options.audience;

		if (options.issuer)
		payload.iss = options.issuer;

		if (options.subject)
		payload.sub = options.subject;

		if (options.jwtid)
		payload.jti = options.jwtid;

		var encoding = 'utf8';
		if (options.encoding) {
		encoding = options.encoding;
		}

		if(typeof callback === 'function') {
		jws.createSign({
		header: header,
		privateKey: secretOrPrivateKey,
		payload: JSON.stringify(payload)
		}).on('done', callback);
		} else {
		return jws.sign({header: header, payload: payload, secret: secretOrPrivateKey, encoding: encoding});
		}
		};

		JWT.verify = function(jwtString, secretOrPublicKey, options, callback) {
		@@ -143,0 +42,0 @@ if ((typeof options === 'function') && !callback) {

package.json

		{
		"name": "jsonwebtoken",
		"version": "5.7.0",
		"version": "6.0.0",
		"description": "JSON Web Token implementation (symmetric and asymmetric)",
		@@ -22,2 +22,3 @@ "main": "index.js",
		"dependencies": {
		"joi": "~8.0.5",
		"jws": "^3.0.0",
		@@ -30,2 +31,3 @@ "ms": "^0.7.1",
		"chai": "^1.10.0",
		"conventional-changelog": "~1.1.0",
		"mocha": "^2.1.0",
		@@ -32,0 +34,0 @@ "sinon": "^1.15.4"

README.md

		@@ -18,3 +18,3 @@ # jsonwebtoken [![Build Status](https://secure.travis-ci.org/auth0/node-jsonwebtoken.png)](http://travis-ci.org/auth0/node-jsonwebtoken)

		(Asynchronous) If a callback is supplied, callback is called with the JsonWebToken string
		(Asynchronous) If a callback is supplied, callback is called with the `err` or the JWT.

		@@ -30,5 +30,5 @@ (Synchronous) Returns the JsonWebToken as string

		* `algorithm` (default: `HS256`)
		* `expiresIn`: expressed in seconds or an string describing a time span [rauchg/ms](https://github.com/rauchg/ms.js). Eg: `60`, `"2 days"`, `"10h"`, `"7d"`
		* `notBefore`: expressed in seconds or an string describing a time span [rauchg/ms](https://github.com/rauchg/ms.js). Eg: `60`, `"2 days"`, `"10h"`, `"7d"`
		* `algorithm` or `alg` (default: `HS256`)
		* `expiresIn`: expressed in seconds or a string describing a time span [rauchg/ms](https://github.com/rauchg/ms.js). Eg: `60`, `"2 days"`, `"10h"`, `"7d"`
		* `notBefore`: expressed in seconds or a string describing a time span [rauchg/ms](https://github.com/rauchg/ms.js). Eg: `60`, `"2 days"`, `"10h"`, `"7d"`
		* `audience`
		@@ -40,13 +40,13 @@ * `subject`
		* `noTimestamp`
		* `headers`
		* `header`

		If `payload` is not a buffer or a string, it will be coerced into a string
		using `JSON.stringify`.
		If `payload` is not a buffer or a string, it will be coerced into a string using `JSON.stringify`.

		If any `expiresIn`, `notBeforeMinutes`, `audience`, `subject`, `issuer` are not provided, there is no default. The jwt generated won't include those properties in the payload.
		There are no default values for `expiresIn`, `notBefore`, `audience`, `subject`, `issuer`. These claims can also be provided in the payload directly with `exp`, `nbf`, `aud` and `sub` respectively, but you can't include in both places.

		Additional headers can be provided via the `headers` object.

		Generated jwts will include an `iat` claim by default unless `noTimestamp` is specified.
		The header can be customized via the `option.header` object.

		Generated JWTs will include an `iat` claim by default unless `noTimestamp` is specified.

		Example
		@@ -64,3 +64,3 @@
		// sign asynchronously
		jwt.sign({ foo: 'bar' }, cert, { algorithm: 'RS256' }, function(token) {
		jwt.sign({ foo: 'bar' }, cert, { algorithm: 'RS256' }, function(err, token) {
		console.log(token);
		@@ -67,0 +67,0 @@ });

test/async_sign.tests.js

		@@ -12,3 +12,4 @@ var jwt = require('../index');
		it('should return the same result as singing synchronously', function(done) {
		jwt.sign({ foo: 'bar' }, secret, { algorithm: 'HS256' }, function (asyncToken) {
		jwt.sign({ foo: 'bar' }, secret, { algorithm: 'HS256' }, function (err, asyncToken) {
		if (err) return done(err);
		expect(asyncToken).to.be.a('string');
		@@ -20,3 +21,11 @@ expect(asyncToken.split('.')).to.have.length(3);
		});

		it('should throw error', function(done) {
		//this throw an error because the secret is not a cert and RS256 requires a cert.
		jwt.sign({ foo: 'bar' }, secret, { algorithm: 'RS256' }, function (err) {
		expect(err).to.be.ok();
		done();
		});
		});
		});
		});

test/expires_format.tests.js

		@@ -36,5 +36,19 @@ var jwt = require('../index');
		jwt.sign({foo: 123}, '123', { expiresIn: { crazy : 213 } });
		}).to.throw(/"expiresIn" should be a number of seconds or string representing a timespan/);
		}).to.throw(/"expiresIn" must be a number/);
		});

		});
		it('should throw an error if expiresIn and exp are provided', function () {
		expect(function () {
		jwt.sign({ foo: 123, exp: 839218392183 }, '123', { expiresIn: '5h' });
		}).to.throw(/Bad "options.expiresIn" option the payload already has an "exp" property./);
		});


		it('should throw on deprecated expiresInSeconds option', function () {
		expect(function () {
		jwt.sign({foo: 123}, '123', { expiresInSeconds: 5 });
		}).to.throw('"expiresInSeconds" is not allowed');
		});


		});

test/jwt.rs.tests.js

		@@ -7,2 +7,3 @@ var jwt = require('../index');
		var assert = require('chai').assert;
		var ms = require('ms');

		@@ -56,3 +57,3 @@ describe('RS256', function() {
		describe('when signing a token with expiration', function() {
		var token = jwt.sign({ foo: 'bar' }, priv, { algorithm: 'RS256', expiresInMinutes: 10 });
		var token = jwt.sign({ foo: 'bar' }, priv, { algorithm: 'RS256', expiresIn: '10m' });

		@@ -69,3 +70,3 @@ it('should be valid expiration', function(done) {
		// expired token
		token = jwt.sign({ foo: 'bar' }, priv, { algorithm: 'RS256', expiresInMinutes: -10 });
		token = jwt.sign({ foo: 'bar' }, priv, { algorithm: 'RS256', expiresIn: -1 * ms('10m') });

		@@ -84,3 +85,3 @@ jwt.verify(token, pub, function(err, decoded) {
		// expired token
		token = jwt.sign({ foo: 'bar' }, priv, { algorithm: 'RS256', expiresInMinutes: -10 });
		token = jwt.sign({ foo: 'bar' }, priv, { algorithm: 'RS256', expiresIn: -1 * ms('10m') });

		@@ -100,4 +101,2 @@ jwt.verify(token, pub, { ignoreExpiration: true }, function(err, decoded) {
		jwt.verify(token, pub, function(err, decoded) {
		console.log(token);
		console.dir(arguments);
		assert.isNotNull(decoded);
		@@ -139,3 +138,3 @@ assert.isNull(err);
		// not active token
		token = jwt.sign({ foo: 'bar' }, priv, { algorithm: 'RS256', notBeforeMinutes: 10 });
		token = jwt.sign({ foo: 'bar' }, priv, { algorithm: 'RS256', notBefore: '10m' });

		@@ -142,0 +141,0 @@ jwt.verify(token, pub, { ignoreNotBefore: true }, function(err, decoded) {

test/noTimestamp.tests.js

		@@ -7,3 +7,3 @@ var jwt = require('../index');
		it('should work with string', function () {
		var token = jwt.sign({foo: 123}, '123', { expiresInMinutes: 5 , noTimestamp: true });
		var token = jwt.sign({foo: 123}, '123', { expiresIn: '5m' , noTimestamp: true });
		var result = jwt.verify(token, '123');
		@@ -13,2 +13,2 @@ expect(result.exp).to.be.closeTo(Math.floor(Date.now() / 1000) + (5*60), 0.5);

		});
		});

test/set_headers.tests.js

		var jwt = require('../index');
		var expect = require('chai').expect;

		describe('set headers', function() {
		describe('set header', function() {

		it('should add the header', function () {
		var token = jwt.sign({foo: 123}, '123', { headers: { foo: 'bar' } });
		var token = jwt.sign({foo: 123}, '123', { header: { foo: 'bar' } });
		var decoded = jwt.decode(token, {complete: true});
		@@ -12,4 +12,4 @@ expect(decoded.header.foo).to.equal('bar');

		it('should allow overriding headers', function () {
		var token = jwt.sign({foo: 123}, '123', { headers: { alg: 'HS512' } });
		it('should allow overriding header', function () {
		var token = jwt.sign({foo: 123}, '123', { header: { alg: 'HS512' } });
		var decoded = jwt.decode(token, {complete: true});
		@@ -19,2 +19,2 @@ expect(decoded.header.alg).to.equal('HS512');

		});
		});

test/expiresInSeconds.tests.js

.jshintrc

Sorry, the diff of this file is not supported yet

jsonwebtoken - npm Package Compare versions

New alerts

Fixed alerts

Improved metrics

Worsened metrics

Dependency changes