From c5eebcda9860c3d924d1bef17ae79a96ac12ea52 Mon Sep 17 00:00:00 2001 From: hristoterezov Date: Mon, 13 Jun 2016 16:43:15 -0500 Subject: [PATCH] Adds exception for preventing to send the JWT token --- modules/TokenData/TokenData.js | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/modules/TokenData/TokenData.js b/modules/TokenData/TokenData.js index e2a85cf7f..3a7ac29d6 100644 --- a/modules/TokenData/TokenData.js +++ b/modules/TokenData/TokenData.js @@ -67,9 +67,7 @@ class TokenData{ constructor(jwt) { if(!jwt) return; - //Use jwt param as token if there is not other token set - if(!config.token) - config.token = jwt; + this.jwt = jwt; //External API settings @@ -77,6 +75,12 @@ class TokenData{ enablePostis: true }; this._decode(); + // Use JWT param as token if there is not other token set and if the + // iss field is not anonymous. If you want to pass data with JWT token + // but you don't want to pass the JWT token for verification the iss + // field should be set to "anonymous" + if(!config.token && this.payload && this.payload.iss !== "anonymous") + config.token = jwt; } /**