Ensure presence of claims

[curlyfingers]

Good day,
Is there a way to check for presence of particular claims when decoding JWT.

Sample scenario:
JWT is used as request signature & expiration flag. Exp claim cannot fail if there is no such claim in payload. Is there a way to ensure presence of said exp claim within payload?

[excpt]

Currently there is no option enforcing presence of a token. This is something that has to be implemented system specific. After decoding a token the payload is returned and it is possible to look for the presence of tokens.

Example:

payload, header = JWT.decode token, secret, true, 'HS256'

payload.include?('exp')
# false

[excpt]

@AlexPatrasco Did you try implementing the suggested code?

[curlyfingers]

@excpt Hi. Yes, we did implement similar logic in our project and we do raise an error since our flow relies on the presence of this particular claim.
But, perhaps, it is indeed project specific and therefore does not need to be forced

[RootTJNII]

I'd also like to +1 this. It would be nice to pass in an array of standard claims and treat the token as invalid if they're not present. This will allow for cleaner server-side control of what constitutes a valid token for the application.

[rabajaj0509]

I would like to work on this one. Is it possible to assign this issue to myself?

[andyjdavis]

I have raised a PR with a possible solution to this. Feedback welcome. #430

[andyjdavis]

I think this issue can now be closed.

[andyjdavis]

This issue is resolved by changes available in version 2.3.0. https://github.com/jwt/ruby-jwt/releases/tag/v2.3.0

I don't have the ability to mark this issue as closed. Is someone else able to?