jwt 1.5.6 → 2.2.3

data/spec/fixtures/certs/rsa-2048-public.pem

@@ -1,9 +0,0 @@
------BEGIN PUBLIC KEY-----
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4GzZTLU48c4WbyvHi+QK
-rB71x+T0eq5hqDbQqnlYjhD1Ika7io1iplsdJWJuyxfYbUkb2Ol0fj4koZ/GS6lg
-CZr4+8UHbr1qf0Eu5HZSpszs2YxY8U5RHnrpw67co7hlgAR9HbyNf5XIYgLV9ldH
-H/eazwnc3F/hgNsV0xjScVilejgocJ4zcsyymvW8t42lteM7bI867ZuJhGop/V+Y
-0HFyrMsPoQyLuCUpr6ulOfrkr7ZOdhAIG8r1HcjOp/AUjM15vfXcbUZjkM/Vloif
-X1YitU3upMGJ8/DpFGffMOImrn5r6BT494V8rRyN2qvQoAkLJpqZ0avLxwiR2lgV
-QQIDAQAB
------END PUBLIC KEY-----

data/spec/fixtures/certs/rsa-2048-wrong-private.pem

@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAzHAVGaW9j4l3/b4ngcjjoIoIcnsQEWOMqErb5VhLZMGIq1gE
-O5qxPDAwooKsNotzcAOB3ZyLn7p5D+dmOrNUYkYWgYITNGeSifrnVqQugd5Fh1L8
-K7zOGltUo2UtjbN4uJ56tzxBMZp2wejs2/Qu0eu0xZK3To+YkDcWOk92rmNgmUSQ
-C/kNyIOj+yBvOo3wTk6HvbhoIarCgJ6Lay1v/hMLyQLzwRY/Qfty1FTIDyTv2dch
-47FsfkZ1KAL+MbUnHuCBPzGxRjXa8Iy9Z7YGxrYasUt1b0um64bscxoIiCu8yLL8
-jlg01Rwrjr/MTwKRhwXlMp8B7HTonwtaG6arJwIDAQABAoIBAGFR4dmJusl/qW1T
-fj8cQLAFxaupxaZhe24J5NAyzgEy2Dqo9ariIwkB78UM66ozjEqAgOvcP+NTw5m8
-kD/VapA1yTTxlO7XdzzUAhiOo80S4IphCMZRZNPLMmluGtdf3lIUr1pXBrn0TCBX
-H5o9jaREzpNXGof9d6T/dEdh2J9+uE/p1xE5GSxQfaPheZzCG7636La/DcArg/UR
-+TusPqp62BEmk96pE/KKJRmEeH+WnPfSh6sMpLxi3hkEU7AynpliGT6Z6xV4csBI
-S/rdpkcj5DWpbnQzkwdrnL2Q+POEq/vlx5/NlezvtQPNLvQWDyY4yBCoMKGb3EbX
-xrxP7MECgYEA/kwe4P0Mqk+087IyhjDBGPfcMt8gfYc9nzNfIYSWdSwuSag/hqHq
-I4GwHQzUV9ix3iM6w5hin10yAzWxCYZg9hquV+lSvNNpGB76FX6oOqwuAhyQMRwv
-eW+VUyfFXeJugwL5JuIaNTvwPpQVDHYtELLifie+uzJ5HC6dhg/XchcCgYEAzc5/
-+IXjOlExd/mBgFk/5Y87ifA0ZOgbaJXifYgU0aNSgz1piHxU3n2p4jJ9lSdwwCl2
-Fb5EN7666t20PL5QcXJ5ZdaTRLzRlYiqTWzfYHBgttbB1Jl3Ed9GsKuzRgaRqGFC
-ANJSqZlKG0NZ3keRtuKdFwq+IVOnsQr9g0TZiXECgYEAqUgtCiMKCloTIGMQpSnR
-cXiWWjsUmturls4Q1vQ3YHrvuVLKLyqb/dT4Uu5WcMAs765OESThCit0/pQAbVHK
-PCpYwubskAzAGjGM00BEZwJ1gixXhIm5xMIWCowgI7Z3ULlq+IptXeCvtkjHlksZ
-BtO+WLLGkkEwRCV38WWcSzMCgYA/Xxqgl/mD94RYAQgTUWgPc69Nph08BQyLg7ue
-E8z1UGkT6FEaqc4oRGGPOSTaTK63PQ0TXOb8k0pTD7l0CtYSWMFwzkXCoLGYbeCi
-vqd5tqDRLAe7QxYa9rl5pSUqptMrGeeNATZa6sya4H5Hp5oCyny8n54z/OJh7ZRq
-W0TwwQKBgQDDP7ksm2pcqadaVAmODdOlaDHbaEcxp8wN7YVz0lM3UpJth96ukbj7
-S39eJhXYWOn6oJQb/lN9fGOYqjg3y6IchGZDp67ATvWYvn/NY0R7mt4K4oHx5TuN
-rSQlP3WmOGv8Kemw892uRfW/jZyBEHhsfS213WDttVPn9F635GdNWw==
------END RSA PRIVATE KEY-----

data/spec/fixtures/certs/rsa-2048-wrong-public.pem

@@ -1,9 +0,0 @@
------BEGIN PUBLIC KEY-----
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzHAVGaW9j4l3/b4ngcjj
-oIoIcnsQEWOMqErb5VhLZMGIq1gEO5qxPDAwooKsNotzcAOB3ZyLn7p5D+dmOrNU
-YkYWgYITNGeSifrnVqQugd5Fh1L8K7zOGltUo2UtjbN4uJ56tzxBMZp2wejs2/Qu
-0eu0xZK3To+YkDcWOk92rmNgmUSQC/kNyIOj+yBvOo3wTk6HvbhoIarCgJ6Lay1v
-/hMLyQLzwRY/Qfty1FTIDyTv2dch47FsfkZ1KAL+MbUnHuCBPzGxRjXa8Iy9Z7YG
-xrYasUt1b0um64bscxoIiCu8yLL8jlg01Rwrjr/MTwKRhwXlMp8B7HTonwtaG6ar
-JwIDAQAB
------END PUBLIC KEY-----

data/spec/fixtures/certs/rsa-4096-private.pem

@@ -1,51 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIJJwIBAAKCAgEAqETmgWBi5rCmb7euJplA/9xs65+bncc9Yvs5zjyycXSW82Jf
-RuyguGm0OvA2wog24dR4N2kT/87DcGtp5JqJWADVFNr+2V2r6i57/OMLruRpn3p2
-r95dmo0COE+BxPFl7XEBT8JbH57ZtpgcB3/xkS14nLOWFf96hrXPlXJC+VMVKVZm
-A8k2LRh42vT5wUf4U0Doy/p7yFNSFFa6Q8wwe4TBy/z/f+rhFD1w8rxlYjallee/
-ocm7bjZCwbJGMm7orLViqWfsFX3O35PeoJ5h/7uJ7iRwvTFERkTdwWP/0BeKBeIt
-BR3YFc2mut+V9W+WKRkMSL6Crc+oVSx3p8aB7j9SZFzQiRtes4BYETpX1xl2mgIq
-5hvsFbLw7ESrlIodiwUMTrSIid2DQ6q80kv1zXPr4+Id6L0sJLxPCaXnTmNtasSw
-yedJJYxLjwhHJwtzFAeaq18H3O791YKhjAJ6YxK3zJ59jTE6Pkvqjq183f2PGHVR
-vgSN7aCmI6MBUUB5wDP2K8zX2sh40/uPDVSd6ei1vl3DpPk+h8iExx6AzbohfqZ+
-5RUUNx127L3MaQvOVC5TxV+R99gwKW++wzcVuO3m2KqVUj+K1uYBy3KBCUMBbckp
-EWGbN++jcdV5oJX6fsC66nOmKlntYwCL/pRww+oLsbzF8J3dxeDbKNF9JDsCAwEA
-AQKCAgBJF8TZJjlP5CQoGy227pNhkSpvH6HFY6qyuFZf09XfmrmHd4/Tiy41bRUx
-FO90iR7t8hFWYHqjf/k9eCtDdi164MGukYJqgVoQG6kYLLgCfI21DMlJk9otLFtu
-gnroRcP05EWhk9dpYONJgcGLMHSKj6n4x7nGTHe41HkbfcrB6ukiT7l4o4q5BAxb
-cFadMtoXr/ZvxJrIZgkddJ7snGHjBcP5DCkgM7MZy6aoilWv1/UNrOF9MdgNA9zz
-rrD3b136x7/XvqC6pS+bxuvJ8YK4R4qeu42NYT07GOcK/pk8lz0JWTodIt2eevqV
-6lGFj7c2mv7PCpJRVgbVGL/RTVVap/+jbcRVLdnYKsII/dANG7iXnfwRgkLWet5D
-OOsPuvIuyiSaJIwcdRE3SSO+tZhKLt+gh/oLxBPw5Ex0FwsVTtYn3Q/X3EAx+Wph
-eFcRr3TVkDg0MfdWWkgk16DvYB5cWc29coTaH1g+2juadNHbtVAigwJorKc6sxH3
-QGsW0WQJ8ZRZgJkSUuu3nr7QD3ZrgHptONQAh1RWGnIWi6OlMfaPdMo+SDnnL5SG
-mpOPjWadDc1XvMFnKQYMYB5GWU/ZNmnZmDLyg1Pc0Y+qRUc0s83nZFHN60KnUrSz
-0MZDspSFtr0fMx0b2/EB4EbuXd3QjQURF6P6HtWBu6oFnzu1AQKCAQEA2R9BKJgJ
-vNP+DUu8NBzwmi0cKlAiaxt+w90i5DWq1XWPKgi+RVLkaQSJqHoYQVNgEwL/cWxp
-s2r3GCMNIdOrGdcm8dX/6UYFpRaFcViTycVEA7cwZOMppgqr2Q+ZYX42K7HObUVL
-JGvdEWWWfSsynUGsrG87DC1gl94ANxCdqkZdbW5d3X0w5v7M/1tlrmAeskZSZpeT
-8BwwM6REb0U/B4/i8TLtLi/PGmMTOIxW41uKS/S6kq/gwyv+jNNO0ljhPt25iSbV
-K5ZHS4YuPKLl0tZMaOkPco9s6t4ES/Y317zQoTzUkAAkkFO4QPzRZL0ESqVBNR0h
-Ao7FLmFZzFHpoQKCAQEAxmZBn0UrJLXkD7bw66y4RwzjQYmxLlkEl3uvjrvVSuL1
-mAHDW58aGIpFFZ8QSTtNewIBQYNifp/cdFHAagqtl/iMGEegaOpJAKu/ykrkfZUp
-7mYDNng4ZWpypeKaGMAQoNzZiUpF+BDnqbeb/kgYu6sNlh9gRHR79rgAuZQxZ/1B
-tE8WcUFi4CnTq2QLqX4LwMuZHWXAJQoMoW3K5av+J544lIM6GdMJuIONtBBkKVQD
-ErrJ0bqYeykrFS6pKl/NBCZLGo5xFFRiYEdZ1GlA3uW3EGKppz6PS7194+x5UVts
-xZPUfkgdFjWCczkl4JDoWfaNn5sgXtiVbGh1n3gYWwKCAQB7vHEg1kyuXU4qe5/d
-PyTraIvlnVeQHNJIgy0QS3l5Pw8A0IzG6y+anehpqHNMP1zAWPQEytkOVAZPriIc
-xgl7p37dUa0PX0V2SPhxmR5YXeCeEXc197PTmb9H67jos8nhauqOoW/qaMJK2M9D
-tCubLUNf3eAT14R16CHNP93qnUE/TSeXQ3JsIofne0neb47u4F6zcuzvaNEbjSEn
-HJqID7sw5GoA6WQo0I+yqWAXICMXmHf/gtYfxGHEFeSUwexULH5BKG1R8sncw7J0
-Ag3h8xkGrNON4SkcTLy8Iay/eS6YxRcKndo4mk2mU65tr77TX4xi3Z/jWkQLY5WO
-eJwhAoIBABO17wkSxyGDjJ/fDfpsE3bDmgRV2KuBHoqqOBvXH26sM7ghXLZKjT4o
-5ooqXmTYJm91GIjYs71exnkr8hDW9L4nbEuxOgeSVyRg69H+NMshOaQ8sE8GDJxO
-wgsnAyY4Vq6UomwYW/E0RL/AxRezM/nZGaVzgo3qgLJXP4MwbOQm7hMq1FD2LQuW
-PDhH3Ty+kA5ca97W0Asd/3k+Pi0pNDvdZUOj8e7E369cKoTcKAdPGGsQ8aILhsCd
-q3EUTKwwDl8+KrH9utBJPejQzeTjfBVo/xH6q145QeVFcy9ku/zQN3M9p5vQMEuX
-j1lBMTkpTFw7uYBE2idyHw5BJoZsWQcCggEADfZTChqnOncItSflzGoaAACrr4/x
-KyT/4A+cPMCs11JN9J+EWsCezya2o1l/NF7YPcBR4qjCmFMEiq5GxH5fGLQp0aa7
-V13mHA8XBQ25OW2K7BGJhMHdbuvTnl6jsOfC4+t7P2bUAYxoP6/ncxTzZ5OlBN5k
-aMv9firWl1kSKK75ww9DWn6j0rQ4dBetwX45EMcs+iKIdydg0fmJxR2EJ+uQsCFy
-xcWBEDqV7qLUi6UrAPL3v/DXUv9wKcKOTbKw/aNE8+YTWMUO330GCJ5cVU1eTL5t
-UrcNKOJkFIj7jJUCzv6vcy++hMJEbNXnnTVRnky6e9C2vwzMl33njntapg==
------END RSA PRIVATE KEY-----

data/spec/fixtures/certs/rsa-4096-public.pem

@@ -1,14 +0,0 @@
------BEGIN PUBLIC KEY-----
-MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAqETmgWBi5rCmb7euJplA
-/9xs65+bncc9Yvs5zjyycXSW82JfRuyguGm0OvA2wog24dR4N2kT/87DcGtp5JqJ
-WADVFNr+2V2r6i57/OMLruRpn3p2r95dmo0COE+BxPFl7XEBT8JbH57ZtpgcB3/x
-kS14nLOWFf96hrXPlXJC+VMVKVZmA8k2LRh42vT5wUf4U0Doy/p7yFNSFFa6Q8ww
-e4TBy/z/f+rhFD1w8rxlYjallee/ocm7bjZCwbJGMm7orLViqWfsFX3O35PeoJ5h
-/7uJ7iRwvTFERkTdwWP/0BeKBeItBR3YFc2mut+V9W+WKRkMSL6Crc+oVSx3p8aB
-7j9SZFzQiRtes4BYETpX1xl2mgIq5hvsFbLw7ESrlIodiwUMTrSIid2DQ6q80kv1
-zXPr4+Id6L0sJLxPCaXnTmNtasSwyedJJYxLjwhHJwtzFAeaq18H3O791YKhjAJ6
-YxK3zJ59jTE6Pkvqjq183f2PGHVRvgSN7aCmI6MBUUB5wDP2K8zX2sh40/uPDVSd
-6ei1vl3DpPk+h8iExx6AzbohfqZ+5RUUNx127L3MaQvOVC5TxV+R99gwKW++wzcV
-uO3m2KqVUj+K1uYBy3KBCUMBbckpEWGbN++jcdV5oJX6fsC66nOmKlntYwCL/pRw
-w+oLsbzF8J3dxeDbKNF9JDsCAwEAAQ==
------END PUBLIC KEY-----

data/spec/integration/readme_examples_spec.rb

@@ -1,190 +0,0 @@
-# frozen_string_literal: true
-require_relative '../spec_helper'
-require 'jwt'
-
-describe 'README.md code test' do
-  context 'algorithm usage' do
-    let(:payload) { { data: 'test' } }
-
-    it 'NONE' do
-      token = JWT.encode payload, nil, 'none'
-      decoded_token = JWT.decode token, nil, false
-
-      expect(token).to eq 'eyJ0eXAiOiJKV1QiLCJhbGciOiJub25lIn0.eyJkYXRhIjoidGVzdCJ9.'
-      expect(decoded_token).to eq [
-        { 'data' => 'test' },
-        { 'typ' => 'JWT', 'alg' => 'none' }
-      ]
-    end
-
-    it 'HMAC' do
-      token = JWT.encode payload, 'my$ecretK3y', 'HS256'
-      decoded_token = JWT.decode token, 'my$ecretK3y', false
-
-      expect(token).to eq 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoidGVzdCJ9.ZxW8go9hz3ETCSfxFxpwSkYg_602gOPKearsf6DsxgY'
-      expect(decoded_token).to eq [
-        { 'data' => 'test' },
-        { 'typ' => 'JWT', 'alg' => 'HS256' }
-      ]
-    end
-
-    it 'RSA' do
-      rsa_private = OpenSSL::PKey::RSA.generate 2048
-      rsa_public = rsa_private.public_key
-
-      token = JWT.encode payload, rsa_private, 'RS256'
-      decoded_token = JWT.decode token, rsa_public, true, algorithm: 'RS256'
-
-      expect(decoded_token).to eq [
-        { 'data' => 'test' },
-        { 'typ' => 'JWT', 'alg' => 'RS256' }
-      ]
-    end
-
-    it 'ECDSA' do
-      ecdsa_key = OpenSSL::PKey::EC.new 'prime256v1'
-      ecdsa_key.generate_key
-      ecdsa_public = OpenSSL::PKey::EC.new ecdsa_key
-      ecdsa_public.private_key = nil
-
-      token = JWT.encode payload, ecdsa_key, 'ES256'
-      decoded_token = JWT.decode token, ecdsa_public, true, algorithm: 'ES256'
-
-      expect(decoded_token).to eq [
-        { 'data' => 'test' },
-        { 'typ' => 'JWT', 'alg' => 'ES256' }
-      ]
-    end
-  end
-
-  context 'claims' do
-    let(:hmac_secret) { 'MyP4ssW0rD' }
-
-    context 'exp' do
-      it 'without leeway' do
-        exp = Time.now.to_i + 4 * 3600
-        exp_payload = { data: 'data', exp: exp }
-
-        token = JWT.encode exp_payload, hmac_secret, 'HS256'
-
-        expect do
-          JWT.decode token, hmac_secret, true, algorithm: 'HS256'
-        end.not_to raise_error
-      end
-
-      it 'with leeway' do
-        exp = Time.now.to_i - 10
-        leeway = 30 # seconds
-
-        exp_payload = { data: 'data', exp: exp }
-
-        token = JWT.encode exp_payload, hmac_secret, 'HS256'
-
-        expect do
-          JWT.decode token, hmac_secret, true, leeway: leeway, algorithm: 'HS256'
-        end.not_to raise_error
-      end
-    end
-
-    context 'nbf' do
-      it 'without leeway' do
-        nbf = Time.now.to_i - 3600
-        nbf_payload = { data: 'data', nbf: nbf }
-        token = JWT.encode nbf_payload, hmac_secret, 'HS256'
-
-        expect do
-          JWT.decode token, hmac_secret, true, algorithm: 'HS256'
-        end.not_to raise_error
-      end
-
-      it 'with leeway' do
-        nbf = Time.now.to_i + 10
-        leeway = 30
-        nbf_payload = { data: 'data', nbf: nbf }
-        token = JWT.encode nbf_payload, hmac_secret, 'HS256'
-
-        expect do
-          JWT.decode token, hmac_secret, true, leeway: leeway, algorithm: 'HS256'
-        end.not_to raise_error
-      end
-    end
-
-    it 'iss' do
-      iss = 'My Awesome Company Inc. or https://my.awesome.website/'
-      iss_payload = { data: 'data', iss: iss }
-
-      token = JWT.encode iss_payload, hmac_secret, 'HS256'
-
-      expect do
-        JWT.decode token, hmac_secret, true, iss: iss, algorithm: 'HS256'
-      end.not_to raise_error
-    end
-
-    context 'aud' do
-      it 'array' do
-        aud = %w(Young Old)
-        aud_payload = { data: 'data', aud: aud }
-
-        token = JWT.encode aud_payload, hmac_secret, 'HS256'
-
-        expect do
-          JWT.decode token, hmac_secret, true, aud: %w(Old Young), verify_aud: true, algorithm: 'HS256'
-        end.not_to raise_error
-      end
-
-      it 'string' do
-        expect do
-        end.not_to raise_error
-      end
-    end
-
-    it 'jti' do
-      iat = Time.now.to_i
-      hmac_secret = 'test'
-      jti_raw = [hmac_secret, iat].join(':').to_s
-      jti = Digest::MD5.hexdigest(jti_raw)
-      jti_payload = { data: 'data', iat: iat, jti: jti }
-
-      token = JWT.encode jti_payload, hmac_secret, 'HS256'
-
-      expect do
-        JWT.decode token, hmac_secret, true, verify_jti: true, algorithm: 'HS256'
-      end.not_to raise_error
-    end
-
-    context 'iat' do
-      it 'without leeway' do
-        iat = Time.now.to_i
-        iat_payload = { data: 'data', iat: iat }
-
-        token = JWT.encode iat_payload, hmac_secret, 'HS256'
-
-        expect do
-          JWT.decode token, hmac_secret, true, verify_iat: true, algorithm: 'HS256'
-        end.not_to raise_error
-      end
-
-      it 'with leeway' do
-        iat = Time.now.to_i - 7
-        iat_payload = { data: 'data', iat: iat, leeway: 10 }
-
-        token = JWT.encode iat_payload, hmac_secret, 'HS256'
-
-        expect do
-          JWT.decode token, hmac_secret, true, verify_iat: true, algorithm: 'HS256'
-        end.not_to raise_error
-      end
-    end
-
-    it 'sub' do
-      sub = 'Subject'
-      sub_payload = { data: 'data', sub: sub }
-
-      token = JWT.encode sub_payload, hmac_secret, 'HS256'
-
-      expect do
-        JWT.decode token, hmac_secret, true, 'sub' => sub, :verify_sub => true, :algorithm => 'HS256'
-      end.not_to raise_error
-    end
-  end
-end

data/spec/jwt/verify_spec.rb

@@ -1,197 +0,0 @@
-# frozen_string_literal: true
-require 'spec_helper'
-require 'jwt/verify'
-
-module JWT
-  RSpec.describe Verify do
-    let(:base_payload) { { 'user_id' => 'some@user.tld' } }
-    let(:options) { { leeway: 0 } }
-
-    context '.verify_aud(payload, options)' do
-      let(:scalar_aud) { 'ruby-jwt-audience' }
-      let(:array_aud) { %w(ruby-jwt-aud test-aud ruby-ruby-ruby) }
-      let(:scalar_payload) { base_payload.merge('aud' => scalar_aud) }
-      let(:array_payload) { base_payload.merge('aud' => array_aud) }
-
-      it 'must raise JWT::InvalidAudError when the singular audience does not match' do
-        expect do
-          Verify.verify_aud(scalar_payload, options.merge(aud: 'no-match'))
-        end.to raise_error JWT::InvalidAudError
-      end
-
-      it 'must raise JWT::InvalidAudError when the payload has an array and none match the supplied value' do
-        expect do
-          Verify.verify_aud(array_payload, options.merge(aud: 'no-match'))
-        end.to raise_error JWT::InvalidAudError
-      end
-
-      it 'must raise JWT::InvalidAudError when the singular audience does not match and the options aud key is a string' do
-        expect do
-          Verify.verify_aud(scalar_payload, options.merge('aud' => 'no-match'))
-        end.to raise_error JWT::InvalidAudError
-      end
-
-      it 'must allow a matching singular audience to pass' do
-        Verify.verify_aud(scalar_payload, options.merge(aud: scalar_aud))
-      end
-
-      it 'must allow a matching audence to pass when the options key is a string' do
-        Verify.verify_aud(scalar_payload, options.merge('aud' => scalar_aud))
-      end
-
-      it 'must allow an array with any value matching the one in the options' do
-        Verify.verify_aud(array_payload, options.merge(aud: array_aud.first))
-      end
-
-      it 'must allow an array with any value matching the one in the options with a string options key' do
-        Verify.verify_aud(array_payload, options.merge('aud' => array_aud.first))
-      end
-
-      it 'should allow strings or symbolds in options array' do
-        options['aud'] = [
-          'ruby-jwt-aud', 
-          'test-aud',
-          'ruby-ruby-ruby',
-          :test
-        ]
-
-        array_payload['aud'].push('test')
-        
-        Verify.verify_aud(array_payload, options)
-      end
-    end
-
-    context '.verify_expiration(payload, options)' do
-      let(:leeway) { 10 }
-      let(:payload) { base_payload.merge('exp' => (Time.now.to_i - 5)) }
-
-      it 'must raise JWT::ExpiredSignature when the token has expired' do
-        expect do
-          Verify.verify_expiration(payload, options)
-        end.to raise_error JWT::ExpiredSignature
-      end
-
-      it 'must allow some leeway in the expiration when configured' do
-        Verify.verify_expiration(payload, options.merge(leeway: 10))
-      end
-
-      it 'must be expired if the exp claim equals the current time' do
-        payload['exp'] = Time.now.to_i
-
-        expect do
-          Verify.verify_expiration(payload, options)
-        end.to raise_error JWT::ExpiredSignature
-      end
-    end
-
-    context '.verify_iat(payload, options)' do
-      let(:iat) { Time.now.to_f }
-      let(:payload) { base_payload.merge('iat' => iat) }
-
-      it 'must allow a valid iat' do
-        Verify.verify_iat(payload, options)
-      end
-
-      it 'must allow configured leeway' do
-        Verify.verify_iat(payload.merge('iat' => (iat + 60)), options.merge(leeway: 70))
-      end
-
-      it 'must properly handle integer times' do
-        Verify.verify_iat(payload.merge('iat' => Time.now.to_i), options)
-      end
-
-      it 'must raise JWT::InvalidIatError when the iat value is not Numeric' do
-        expect do
-          Verify.verify_iat(payload.merge('iat' => 'not a number'), options)
-        end.to raise_error JWT::InvalidIatError
-      end
-
-      it 'must raise JWT::InvalidIatError when the iat value is in the future' do
-        expect do
-          Verify.verify_iat(payload.merge('iat' => (iat + 120)), options)
-        end.to raise_error JWT::InvalidIatError
-      end
-    end
-
-    context '.verify_iss(payload, options)' do
-      let(:iss) { 'ruby-jwt-gem' }
-      let(:payload) { base_payload.merge('iss' => iss) }
-
-      let(:invalid_token) { JWT.encode base_payload, payload[:secret] }
-
-      it 'must raise JWT::InvalidIssuerError when the configured issuer does not match the payload issuer' do
-        expect do
-          Verify.verify_iss(payload, options.merge(iss: 'mismatched-issuer'))
-        end.to raise_error JWT::InvalidIssuerError
-      end
-
-      it 'must raise JWT::InvalidIssuerError when the payload does not include an issuer' do
-        expect do
-          Verify.verify_iss(base_payload, options.merge(iss: iss))
-        end.to raise_error(JWT::InvalidIssuerError, /received <none>/)
-      end
-
-      it 'must allow a matching issuer to pass' do
-        Verify.verify_iss(payload, options.merge(iss: iss))
-      end
-    end
-
-    context '.verify_jti(payload, options)' do
-      let(:payload) { base_payload.merge('jti' => 'some-random-uuid-or-whatever') }
-
-      it 'must allow any jti when the verfy_jti key in the options is truthy but not a proc' do
-        Verify.verify_jti(payload, options.merge(verify_jti: true))
-      end
-
-      it 'must raise JWT::InvalidJtiError when the jti is missing' do
-        expect do
-          Verify.verify_jti(base_payload, options)
-        end.to raise_error JWT::InvalidJtiError, /missing/i
-      end
-
-      it 'must raise JWT::InvalidJtiError when the jti is an empty string' do
-        expect do
-          Verify.verify_jti(base_payload.merge('jti' => '   '), options)
-        end.to raise_error JWT::InvalidJtiError, /missing/i
-      end
-
-      it 'must raise JWT::InvalidJtiError when verify_jti proc returns false' do
-        expect do
-          Verify.verify_jti(payload, options.merge(verify_jti: ->(_jti) { false }))
-        end.to raise_error JWT::InvalidJtiError, /invalid/i
-      end
-
-      it 'true proc should not raise JWT::InvalidJtiError' do
-        Verify.verify_jti(payload, options.merge(verify_jti: ->(_jti) { true }))
-      end
-    end
-
-    context '.verify_not_before(payload, options)' do
-      let(:payload) { base_payload.merge('nbf' => (Time.now.to_i + 5)) }
-
-      it 'must raise JWT::ImmatureSignature when the nbf in the payload is in the future' do
-        expect do
-          Verify.verify_not_before(payload, options)
-        end.to raise_error JWT::ImmatureSignature
-      end
-
-      it 'must allow some leeway in the token age when configured' do
-        Verify.verify_not_before(payload, options.merge(leeway: 10))
-      end
-    end
-
-    context '.verify_sub(payload, options)' do
-      let(:sub) { 'ruby jwt subject' }
-
-      it 'must raise JWT::InvalidSubError when the subjects do not match' do
-        expect do
-          Verify.verify_sub(base_payload.merge('sub' => 'not-a-match'), options.merge(sub: sub))
-        end.to raise_error JWT::InvalidSubError
-      end
-
-      it 'must allow a matching sub' do
-        Verify.verify_sub(base_payload.merge('sub' => sub), options.merge(sub: sub))
-      end
-    end
-  end
-end