@elysiajs/jwt 1.3.1 → 1.3.3

package/README.md

@@ -1,4 +1,4 @@
-# @elysiajs/static
+# @elysiajs/jwt
 
 Plugin for [Elysia](https://github.com/elysiajs/elysia) for using JWT Authentication.
 
@@ -13,7 +13,6 @@ bun add @elysiajs/jwt
 ```typescript
 import { Elysia, t } from 'elysia';
 import { jwt } from '@elysiajs/jwt';
-import { cookie } from '@elysiajs/cookie';
 
 const app = new Elysia()
   .use(
@@ -23,9 +22,9 @@ const app = new Elysia()
       secret: 'MY_SECRETS',
     })
   )
-  .use(cookie())
-  .get('/sign/:name', async ({ jwt, cookie, setCookie, params }) => {
-    setCookie('auth', await jwt.sign(params), {
+  .get('/sign/:name', async ({ jwt, cookie: { auth }, params }) => {
+    auth.set({
+      value: await jwt.sign(params),
       httpOnly: true,
     });
 

package/dist/cjs/index.d.ts

@@ -1,17 +1,121 @@
-import { Elysia } from 'elysia';
-import { type JWTPayload, type JWSHeaderParameters, type CryptoKey, type JWK, type KeyObject } from 'jose';
-import type { Static, TSchema } from '@sinclair/typebox';
+import { Elysia, type TSchema, type UnwrapSchema as Static } from 'elysia';
+import { type CryptoKey, type JWK, type KeyObject, type JoseHeaderParameters, type JWTVerifyOptions } from 'jose';
 type UnwrapSchema<Schema extends TSchema | undefined, Fallback = unknown> = Schema extends TSchema ? Static<NonNullable<Schema>> : Fallback;
+type NormalizedClaim = 'nbf' | 'exp' | 'iat';
+type AllowClaimValue = string | number | boolean | null | undefined | AllowClaimValue[] | {
+    [key: string]: AllowClaimValue;
+};
+type ClaimType = Record<string, AllowClaimValue>;
+/**
+ * This interface is a specific, strongly-typed representation of the
+ * standard claims found in a JWT payload.
+ *
+ * It is re-declared here to override potentially generic definitions from
+ * third-party libraries, ensuring the compiler knows every expected field.
+ *
+ * This interface can be modified as needed within the plugin to easily
+ * accommodate custom claims for specific use cases.
+ */
 export interface JWTPayloadSpec {
+    /**
+     * JWT Issuer
+     *
+     * @see {@link https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1 RFC7519#section-4.1.1}
+     */
     iss?: string;
+    /**
+     * JWT Subject
+     *
+     * @see {@link https://www.rfc-editor.org/rfc/rfc7519#section-4.1.2 RFC7519#section-4.1.2}
+     */
     sub?: string;
+    /**
+     * JWT Audience
+     *
+     * @see {@link https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3 RFC7519#section-4.1.3}
+     */
     aud?: string | string[];
+    /**
+     * JWT ID
+     *
+     * @see {@link https://www.rfc-editor.org/rfc/rfc7519#section-4.1.7 RFC7519#section-4.1.7}
+     */
     jti?: string;
+    /**
+     * JWT Not Before
+     *
+     * @see {@link https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5 RFC7519#section-4.1.5}
+     */
     nbf?: number;
+    /**
+     * JWT Expiration Time
+     *
+     * @see {@link https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4 RFC7519#section-4.1.4}
+     */
     exp?: number;
+    /**
+     * JWT Issued At
+     *
+     * @see {@link https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6 RFC7519#section-4.1.6}
+     */
     iat?: number;
 }
-export interface JWTOption<Name extends string | undefined = 'jwt', Schema extends TSchema | undefined = undefined> extends JWSHeaderParameters, Omit<JWTPayload, 'nbf' | 'exp'> {
+/**
+ * This interface defines the shape of JWT payload fields that can be
+ * provided as input when creating or signing a token.
+ *
+ * Unlike `JWTPayloadSpec`, values here may be expressed in more flexible forms,
+ * such as relative time strings or control flags (e.g., `iat: true`).
+ *
+ * This interface is parsed and normalized by the plugin before becoming part
+ * of the final JWT payload.
+ */
+export interface JWTPayloadInput extends Omit<JWTPayloadSpec, NormalizedClaim> {
+    /**
+     * JWT Not Before
+     *
+     * @see {@link https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5 RFC7519#section-4.1.5}
+     */
+    nbf?: string | number;
+    /**
+     * JWT Expiration Time
+     *
+     * @see {@link https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4 RFC7519#section-4.1.4}
+     */
+    exp?: string | number;
+    /**
+     * JWT Issued At
+     *
+     * @see {@link https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6 RFC7519#section-4.1.6}
+     */
+    iat?: boolean;
+}
+/**
+ * Defines the types for the header parameters of a JWS.
+ *
+ * Much like `JWTPayloadSpec`, this interface is declared to provide strong,
+ * explicit typing, allowing TypeScript to validate the header's structure
+ * and provide accurate autocompletion.
+ *
+ * It can also be modified within the plugin to handle custom header
+ * parameters required for specific development scenarios.
+ */
+export interface JWTHeaderParameters extends JoseHeaderParameters {
+    /**
+     * JWS "alg" (Algorithm) Header Parameter
+     *
+     * @see {@link https://github.com/panva/jose/issues/210#jws-alg Algorithm Key Requirements}
+     */
+    alg?: string;
+    /**
+     * This JWS Extension Header Parameter modifies the JWS Payload representation and the JWS Signing
+     * Input computation as per {@link https://www.rfc-editor.org/rfc/rfc7797 RFC7797}.
+     */
+    b64?: true;
+    /** JWS "crit" (Critical) Header Parameter */
+    crit?: string[];
+}
+export interface JWTOption<Name extends string | undefined = 'jwt', Schema extends TSchema | undefined = undefined> extends JWTHeaderParameters, JWTPayloadInput {
     /**
      * Name to decorate method as
      *
@@ -39,32 +143,14 @@ export interface JWTOption<Name extends string | undefined = 'jwt', Schema exten
      * Type strict validation for JWT payload
      */
     schema?: Schema;
-    /**
-     * JWT Not Before
-     *
-     * @see [RFC7519#section-4.1.5](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5)
-     */
-    nbf?: string | number;
-    /**
-     * JWT Expiration Time
-     *
-     * @see [RFC7519#section-4.1.4](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4)
-     */
-    exp?: string | number;
 }
-export declare const jwt: <const Name extends string = "jwt", const Schema extends TSchema | undefined = undefined>({ name, secret, alg, crit, schema, nbf, exp, ...payload }: JWTOption<Name, Schema>) => Elysia<"", {
+export declare const jwt: <const Name extends string = "jwt", const Schema extends TSchema | undefined = undefined>({ name, secret, schema, ...defaultValues }: JWTOption<Name, Schema>) => Elysia<"", {
     decorator: { [name in Name extends string ? Name : "jwt"]: {
-        sign(morePayload: UnwrapSchema<Schema, Record<string, string | number>> & Omit<JWTPayloadSpec, "exp" | "nbf"> & {
-            exp?: string | number;
-            nbf?: string | number;
-        }): Promise<string>;
-        verify(jwt?: string): Promise<(UnwrapSchema<Schema, Record<string, string | number>> & JWTPayloadSpec) | false>;
+        sign(signValue: Omit<UnwrapSchema<Schema, ClaimType>, NormalizedClaim> & JWTPayloadInput): Promise<string>;
+        verify(jwt?: string, options?: JWTVerifyOptions): Promise<(UnwrapSchema<Schema, ClaimType> & Omit<JWTPayloadSpec, keyof UnwrapSchema<Schema, {}>>) | false>;
     }; } extends infer T ? { [K in keyof T]: { [name in Name extends string ? Name : "jwt"]: {
-        sign(morePayload: UnwrapSchema<Schema, Record<string, string | number>> & Omit<JWTPayloadSpec, "exp" | "nbf"> & {
-            exp?: string | number;
-            nbf?: string | number;
-        }): Promise<string>;
-        verify(jwt?: string): Promise<(UnwrapSchema<Schema, Record<string, string | number>> & JWTPayloadSpec) | false>;
+        sign(signValue: Omit<UnwrapSchema<Schema, ClaimType>, NormalizedClaim> & JWTPayloadInput): Promise<string>;
+        verify(jwt?: string, options?: JWTVerifyOptions): Promise<(UnwrapSchema<Schema, ClaimType> & Omit<JWTPayloadSpec, keyof UnwrapSchema<Schema, {}>>) | false>;
     }; }[K]; } : never;
     store: {};
     derive: {};

package/dist/cjs/index.js

@@ -2642,15 +2642,8 @@ var Type = type_exports2;
 var jwt = ({
   name = "jwt",
   secret,
-  // Start JWT Header
-  alg = "HS256",
-  crit,
   schema,
-  // End JWT Header
-  // Start JWT Payload
-  nbf,
-  exp,
-  ...payload
+  ...defaultValues
 }) => {
   if (!secret) throw new Error("Secret can't be empty");
   const key = typeof secret === "string" ? new TextEncoder().encode(secret) : secret;
@@ -2664,9 +2657,9 @@ var jwt = ({
           Type.Union([Type.String(), Type.Array(Type.String())])
         ),
         jti: Type.Optional(Type.String()),
-        nbf: Type.Optional(Type.Union([Type.String(), Type.Number()])),
-        exp: Type.Optional(Type.Union([Type.String(), Type.Number()])),
-        iat: Type.Optional(Type.String())
+        nbf: Type.Optional(Type.Number()),
+        exp: Type.Optional(Type.Number()),
+        iat: Type.Optional(Type.Number())
       })
     ]),
     {
@@ -2678,39 +2671,68 @@ var jwt = ({
     seed: {
       name,
       secret,
-      alg,
-      crit,
       schema,
-      nbf,
-      exp,
-      ...payload
+      ...defaultValues
     }
   }).decorate(name, {
-    sign(morePayload) {
-      const {
-        exp: morePayloadExp,
-        nbf: morePayloadNbf,
-        ...claimsMorePayload
-      } = morePayload;
-      let jwt2 = new import_jose.SignJWT({
-        ...payload,
-        ...claimsMorePayload
-      }).setProtectedHeader({
-        alg,
-        crit
+    sign(signValue) {
+      const { nbf, exp, iat, ...data } = signValue;
+      const JWTHeader = {
+        alg: defaultValues.alg ?? "HS256",
+        b64: defaultValues.b64,
+        crit: defaultValues.crit,
+        cty: defaultValues.cty,
+        jku: defaultValues.jku,
+        jwk: defaultValues.jwk,
+        kid: defaultValues.kid,
+        typ: defaultValues.typ ?? "JWT",
+        x5c: defaultValues.x5c,
+        x5t: defaultValues.x5t,
+        x5u: defaultValues.x5u
+      };
+      const JWTPayload = {
+        /**
+         * Audience (aud): Identifies the recipients that the JWT is intended for.
+         */
+        aud: data.aud ?? defaultValues.aud,
+        /**
+         * Issuer (iss): Identifies the principal that issued the JWT.
+         */
+        iss: data.iss ?? defaultValues.iss,
+        /**
+         * JWT ID (jti): Provides a unique identifier for the JWT.
+         */
+        jti: data.jti ?? defaultValues.jti,
+        /**
+         * Subject (sub): Identifies the principal that is the subject of the JWT.
+         */
+        sub: data.sub ?? defaultValues.sub,
+        // Includes all other properties from the data source, both standard and custom,
+        // excluding standard JWT claims like `nbf`, `exp` and `iat`.
+        ...data
+      };
+      let jwt2 = new import_jose.SignJWT({ ...JWTPayload }).setProtectedHeader({
+        alg: JWTHeader.alg,
+        ...JWTHeader
       });
-      if (morePayloadNbf !== void 0) {
-        jwt2 = jwt2.setNotBefore(morePayloadNbf);
+      const setNbf = "nbf" in signValue ? nbf : defaultValues.nbf;
+      if (setNbf !== void 0) {
+        jwt2 = jwt2.setNotBefore(setNbf);
       }
-      if (morePayloadExp !== void 0) {
-        jwt2 = jwt2.setExpirationTime(morePayloadExp);
+      const setExp = "exp" in signValue ? exp : defaultValues.exp;
+      if (setExp !== void 0) {
+        jwt2 = jwt2.setExpirationTime(setExp);
+      }
+      const setIat = "iat" in signValue ? iat : defaultValues.iat;
+      if (setIat !== false) {
+        jwt2 = jwt2.setIssuedAt(/* @__PURE__ */ new Date());
       }
       return jwt2.sign(key);
     },
-    async verify(jwt2) {
+    async verify(jwt2, options) {
       if (!jwt2) return false;
       try {
-        const data = (await (0, import_jose.jwtVerify)(jwt2, key)).payload;
+        const data = (await (options ? (0, import_jose.jwtVerify)(jwt2, key, options) : (0, import_jose.jwtVerify)(jwt2, key))).payload;
         if (validator && !validator.Check(data))
           throw new import_elysia.ValidationError("JWT", validator, data);
         return data;

package/dist/index.d.ts

@@ -1,17 +1,121 @@
-import { Elysia } from 'elysia';
-import { type JWTPayload, type JWSHeaderParameters, type CryptoKey, type JWK, type KeyObject } from 'jose';
-import type { Static, TSchema } from '@sinclair/typebox';
+import { Elysia, type TSchema, type UnwrapSchema as Static } from 'elysia';
+import { type CryptoKey, type JWK, type KeyObject, type JoseHeaderParameters, type JWTVerifyOptions } from 'jose';
 type UnwrapSchema<Schema extends TSchema | undefined, Fallback = unknown> = Schema extends TSchema ? Static<NonNullable<Schema>> : Fallback;
+type NormalizedClaim = 'nbf' | 'exp' | 'iat';
+type AllowClaimValue = string | number | boolean | null | undefined | AllowClaimValue[] | {
+    [key: string]: AllowClaimValue;
+};
+type ClaimType = Record<string, AllowClaimValue>;
+/**
+ * This interface is a specific, strongly-typed representation of the
+ * standard claims found in a JWT payload.
+ *
+ * It is re-declared here to override potentially generic definitions from
+ * third-party libraries, ensuring the compiler knows every expected field.
+ *
+ * This interface can be modified as needed within the plugin to easily
+ * accommodate custom claims for specific use cases.
+ */
 export interface JWTPayloadSpec {
+    /**
+     * JWT Issuer
+     *
+     * @see {@link https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1 RFC7519#section-4.1.1}
+     */
     iss?: string;
+    /**
+     * JWT Subject
+     *
+     * @see {@link https://www.rfc-editor.org/rfc/rfc7519#section-4.1.2 RFC7519#section-4.1.2}
+     */
     sub?: string;
+    /**
+     * JWT Audience
+     *
+     * @see {@link https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3 RFC7519#section-4.1.3}
+     */
     aud?: string | string[];
+    /**
+     * JWT ID
+     *
+     * @see {@link https://www.rfc-editor.org/rfc/rfc7519#section-4.1.7 RFC7519#section-4.1.7}
+     */
     jti?: string;
+    /**
+     * JWT Not Before
+     *
+     * @see {@link https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5 RFC7519#section-4.1.5}
+     */
     nbf?: number;
+    /**
+     * JWT Expiration Time
+     *
+     * @see {@link https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4 RFC7519#section-4.1.4}
+     */
     exp?: number;
+    /**
+     * JWT Issued At
+     *
+     * @see {@link https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6 RFC7519#section-4.1.6}
+     */
     iat?: number;
 }
-export interface JWTOption<Name extends string | undefined = 'jwt', Schema extends TSchema | undefined = undefined> extends JWSHeaderParameters, Omit<JWTPayload, 'nbf' | 'exp'> {
+/**
+ * This interface defines the shape of JWT payload fields that can be
+ * provided as input when creating or signing a token.
+ *
+ * Unlike `JWTPayloadSpec`, values here may be expressed in more flexible forms,
+ * such as relative time strings or control flags (e.g., `iat: true`).
+ *
+ * This interface is parsed and normalized by the plugin before becoming part
+ * of the final JWT payload.
+ */
+export interface JWTPayloadInput extends Omit<JWTPayloadSpec, NormalizedClaim> {
+    /**
+     * JWT Not Before
+     *
+     * @see {@link https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5 RFC7519#section-4.1.5}
+     */
+    nbf?: string | number;
+    /**
+     * JWT Expiration Time
+     *
+     * @see {@link https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4 RFC7519#section-4.1.4}
+     */
+    exp?: string | number;
+    /**
+     * JWT Issued At
+     *
+     * @see {@link https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6 RFC7519#section-4.1.6}
+     */
+    iat?: boolean;
+}
+/**
+ * Defines the types for the header parameters of a JWS.
+ *
+ * Much like `JWTPayloadSpec`, this interface is declared to provide strong,
+ * explicit typing, allowing TypeScript to validate the header's structure
+ * and provide accurate autocompletion.
+ *
+ * It can also be modified within the plugin to handle custom header
+ * parameters required for specific development scenarios.
+ */
+export interface JWTHeaderParameters extends JoseHeaderParameters {
+    /**
+     * JWS "alg" (Algorithm) Header Parameter
+     *
+     * @see {@link https://github.com/panva/jose/issues/210#jws-alg Algorithm Key Requirements}
+     */
+    alg?: string;
+    /**
+     * This JWS Extension Header Parameter modifies the JWS Payload representation and the JWS Signing
+     * Input computation as per {@link https://www.rfc-editor.org/rfc/rfc7797 RFC7797}.
+     */
+    b64?: true;
+    /** JWS "crit" (Critical) Header Parameter */
+    crit?: string[];
+}
+export interface JWTOption<Name extends string | undefined = 'jwt', Schema extends TSchema | undefined = undefined> extends JWTHeaderParameters, JWTPayloadInput {
     /**
      * Name to decorate method as
      *
@@ -39,32 +143,14 @@ export interface JWTOption<Name extends string | undefined = 'jwt', Schema exten
      * Type strict validation for JWT payload
      */
     schema?: Schema;
-    /**
-     * JWT Not Before
-     *
-     * @see [RFC7519#section-4.1.5](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5)
-     */
-    nbf?: string | number;
-    /**
-     * JWT Expiration Time
-     *
-     * @see [RFC7519#section-4.1.4](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4)
-     */
-    exp?: string | number;
 }
-export declare const jwt: <const Name extends string = "jwt", const Schema extends TSchema | undefined = undefined>({ name, secret, alg, crit, schema, nbf, exp, ...payload }: JWTOption<Name, Schema>) => Elysia<"", {
+export declare const jwt: <const Name extends string = "jwt", const Schema extends TSchema | undefined = undefined>({ name, secret, schema, ...defaultValues }: JWTOption<Name, Schema>) => Elysia<"", {
     decorator: { [name in Name extends string ? Name : "jwt"]: {
-        sign(morePayload: UnwrapSchema<Schema, Record<string, string | number>> & Omit<JWTPayloadSpec, "exp" | "nbf"> & {
-            exp?: string | number;
-            nbf?: string | number;
-        }): Promise<string>;
-        verify(jwt?: string): Promise<(UnwrapSchema<Schema, Record<string, string | number>> & JWTPayloadSpec) | false>;
+        sign(signValue: Omit<UnwrapSchema<Schema, ClaimType>, NormalizedClaim> & JWTPayloadInput): Promise<string>;
+        verify(jwt?: string, options?: JWTVerifyOptions): Promise<(UnwrapSchema<Schema, ClaimType> & Omit<JWTPayloadSpec, keyof UnwrapSchema<Schema, {}>>) | false>;
     }; } extends infer T ? { [K in keyof T]: { [name in Name extends string ? Name : "jwt"]: {
-        sign(morePayload: UnwrapSchema<Schema, Record<string, string | number>> & Omit<JWTPayloadSpec, "exp" | "nbf"> & {
-            exp?: string | number;
-            nbf?: string | number;
-        }): Promise<string>;
-        verify(jwt?: string): Promise<(UnwrapSchema<Schema, Record<string, string | number>> & JWTPayloadSpec) | false>;
+        sign(signValue: Omit<UnwrapSchema<Schema, ClaimType>, NormalizedClaim> & JWTPayloadInput): Promise<string>;
+        verify(jwt?: string, options?: JWTVerifyOptions): Promise<(UnwrapSchema<Schema, ClaimType> & Omit<JWTPayloadSpec, keyof UnwrapSchema<Schema, {}>>) | false>;
     }; }[K]; } : never;
     store: {};
     derive: {};

package/dist/index.mjs

@@ -5,7 +5,11 @@ var __export = (target, all) => {
 };
 
 // src/index.ts
-import { Elysia, ValidationError, getSchemaValidator } from "elysia";
+import {
+  Elysia,
+  ValidationError,
+  getSchemaValidator
+} from "elysia";
 import {
   SignJWT,
   jwtVerify
@@ -2626,15 +2630,8 @@ var Type = type_exports2;
 var jwt = ({
   name = "jwt",
   secret,
-  // Start JWT Header
-  alg = "HS256",
-  crit,
   schema,
-  // End JWT Header
-  // Start JWT Payload
-  nbf,
-  exp,
-  ...payload
+  ...defaultValues
 }) => {
   if (!secret) throw new Error("Secret can't be empty");
   const key = typeof secret === "string" ? new TextEncoder().encode(secret) : secret;
@@ -2648,9 +2645,9 @@ var jwt = ({
           Type.Union([Type.String(), Type.Array(Type.String())])
         ),
         jti: Type.Optional(Type.String()),
-        nbf: Type.Optional(Type.Union([Type.String(), Type.Number()])),
-        exp: Type.Optional(Type.Union([Type.String(), Type.Number()])),
-        iat: Type.Optional(Type.String())
+        nbf: Type.Optional(Type.Number()),
+        exp: Type.Optional(Type.Number()),
+        iat: Type.Optional(Type.Number())
       })
     ]),
     {
@@ -2662,39 +2659,68 @@ var jwt = ({
     seed: {
       name,
       secret,
-      alg,
-      crit,
       schema,
-      nbf,
-      exp,
-      ...payload
+      ...defaultValues
     }
   }).decorate(name, {
-    sign(morePayload) {
-      const {
-        exp: morePayloadExp,
-        nbf: morePayloadNbf,
-        ...claimsMorePayload
-      } = morePayload;
-      let jwt2 = new SignJWT({
-        ...payload,
-        ...claimsMorePayload
-      }).setProtectedHeader({
-        alg,
-        crit
+    sign(signValue) {
+      const { nbf, exp, iat, ...data } = signValue;
+      const JWTHeader = {
+        alg: defaultValues.alg ?? "HS256",
+        b64: defaultValues.b64,
+        crit: defaultValues.crit,
+        cty: defaultValues.cty,
+        jku: defaultValues.jku,
+        jwk: defaultValues.jwk,
+        kid: defaultValues.kid,
+        typ: defaultValues.typ ?? "JWT",
+        x5c: defaultValues.x5c,
+        x5t: defaultValues.x5t,
+        x5u: defaultValues.x5u
+      };
+      const JWTPayload = {
+        /**
+         * Audience (aud): Identifies the recipients that the JWT is intended for.
+         */
+        aud: data.aud ?? defaultValues.aud,
+        /**
+         * Issuer (iss): Identifies the principal that issued the JWT.
+         */
+        iss: data.iss ?? defaultValues.iss,
+        /**
+         * JWT ID (jti): Provides a unique identifier for the JWT.
+         */
+        jti: data.jti ?? defaultValues.jti,
+        /**
+         * Subject (sub): Identifies the principal that is the subject of the JWT.
+         */
+        sub: data.sub ?? defaultValues.sub,
+        // Includes all other properties from the data source, both standard and custom,
+        // excluding standard JWT claims like `nbf`, `exp` and `iat`.
+        ...data
+      };
+      let jwt2 = new SignJWT({ ...JWTPayload }).setProtectedHeader({
+        alg: JWTHeader.alg,
+        ...JWTHeader
       });
-      if (morePayloadNbf !== void 0) {
-        jwt2 = jwt2.setNotBefore(morePayloadNbf);
+      const setNbf = "nbf" in signValue ? nbf : defaultValues.nbf;
+      if (setNbf !== void 0) {
+        jwt2 = jwt2.setNotBefore(setNbf);
+      }
+      const setExp = "exp" in signValue ? exp : defaultValues.exp;
+      if (setExp !== void 0) {
+        jwt2 = jwt2.setExpirationTime(setExp);
       }
-      if (morePayloadExp !== void 0) {
-        jwt2 = jwt2.setExpirationTime(morePayloadExp);
+      const setIat = "iat" in signValue ? iat : defaultValues.iat;
+      if (setIat !== false) {
+        jwt2 = jwt2.setIssuedAt(/* @__PURE__ */ new Date());
       }
       return jwt2.sign(key);
     },
-    async verify(jwt2) {
+    async verify(jwt2, options) {
       if (!jwt2) return false;
       try {
-        const data = (await jwtVerify(jwt2, key)).payload;
+        const data = (await (options ? jwtVerify(jwt2, key, options) : jwtVerify(jwt2, key))).payload;
         if (validator && !validator.Check(data))
           throw new ValidationError("JWT", validator, data);
         return data;

package/package.json

@@ -1,7 +1,7 @@
 {
 	"name": "@elysiajs/jwt",
 	"description": "Plugin for Elysia for using JWT Authentication",
-	"version": "1.3.1",
+	"version": "1.3.3",
 	"author": {
 		"name": "saltyAom",
 		"url": "https://github.com/SaltyAom",