diff --git a/services/jwt.js b/services/jwt.js index 67e45a3ab..356adbb62 100644 --- a/services/jwt.js +++ b/services/jwt.js @@ -1,5 +1,5 @@ const jwt = require('jsonwebtoken'); -const uniq = require('lodash/uniq'); +const { merge, uniq, omitBy, isUndefined } = require('lodash'); /** * MultiSecret will take many secrets and provide a unified interface for @@ -22,7 +22,10 @@ class MultiSecret { * Sign will sign with the first secret. */ sign(payload, options) { - return this.secrets[0].sign(payload, options); + return this.secrets[0].sign( + omitBy(payload, isUndefined), + omitBy(options, isUndefined) + ); } /** @@ -78,10 +81,13 @@ class Secret { return jwt.sign( payload, this.signingKey, - Object.assign({}, options, { - keyid: this.kid, - algorithm: this.algorithm, - }) + omitBy( + merge({}, options, { + keyid: this.kid, + algorithm: this.algorithm, + }), + isUndefined + ) ); } diff --git a/services/tokens.js b/services/tokens.js index 636465262..2f62af61f 100644 --- a/services/tokens.js +++ b/services/tokens.js @@ -27,7 +27,9 @@ module.exports = class TokenService { pat: true, }; - set(payload, JWT_USER_ID_CLAIM, userID); + if (userID) { + set(payload, JWT_USER_ID_CLAIM, userID); + } // Sign the payload. const jwt = JWT_SECRET.sign(payload, {});