remove default expiry in jwt token

2025-10-04 02:09:32 +02:00 · 2015-12-03 02:08:26 +09:00 · 2015-12-03 02:08:26 +09:00 · 8a342daef9
commit 8a342daef9
parent 9cb231391a
5 changed files with 25 additions and 14 deletions
--- a/lib/util/jwtutil.js
+++ b/lib/util/jwtutil.js
@ -1,17 +1,21 @@
 var assert = require('assert')
 var jws = require('jws')
+var _ = require('lodash')

 module.exports.encode = function(options) {
  assert.ok(options.payload, 'payload required')
  assert.ok(options.secret, 'secret required')

-  var expiry = options.expiry || Date.now() + 24 * 3600
+  var header = {
+    alg: 'HS256'
+  }
+
+  if (options.header) {
+    header = _.merge(header, options.header)
+  }

  return jws.sign({
-    header: {
-      alg: 'HS256'
-    , exp: expiry
-    }
+    header: header
  , payload: options.payload
  , secret: options.secret
  })