diff --git a/rest_framework_simplejwt/tokens.py b/rest_framework_simplejwt/tokens.py
index f0cfb846c..12f489ba4 100644
--- a/rest_framework_simplejwt/tokens.py
+++ b/rest_framework_simplejwt/tokens.py
@@ -92,11 +92,18 @@ def verify(self):
 # claim. We don't want any zombie tokens walking around.
 self.check_exp()
 
- # Ensure token id is present
- if api_settings.JTI_CLAIM not in self.payload:
+ # If the defaults are not None then we should enforce the
+ # requirement of these settings.As above, the spec labels
+ # these as optional.
+ if (
+ api_settings.JTI_CLAIM is not None
+ and api_settings.JTI_CLAIM not in self.payload
+ ):
 raise TokenError(_("Token has no id"))
 
- self.verify_token_type()
+ if api_settings.TOKEN_TYPE_CLAIM is not None:
+
+ self.verify_token_type()
 
 def verify_token_type(self):
 """
diff --git a/tests/test_tokens.py b/tests/test_tokens.py
index 1472fdbb0..ab65b5acc 100644
--- a/tests/test_tokens.py
+++ b/tests/test_tokens.py
@@ -225,6 +225,16 @@ def test_set_jti(self):
 self.assertIn("jti", token)
 self.assertNotEqual(old_jti, token["jti"])
 
+ def test_optional_jti(self):
+ with override_api_settings(JTI_CLAIM=None):
+ token = MyToken()
+ self.assertNotIn("jti", token)
+
+ def test_optional_type_token(self):
+ with override_api_settings(TOKEN_TYPE_CLAIM=None):
+ token = MyToken()
+ self.assertNotIn("type", token)
+
 def test_set_exp(self):
 now = make_utc(datetime(year=2000, month=1, day=1))
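Review bot: The new comment in `verify()` says only that the spec treats these claims as optional; it does not say what an operator gives up when `if api_settings.TOKEN_TYPE_CLAIM is not None:` skips `verify_token_type()`. With the claim disabled, tokens of different kinds signed with the same key are presumably no longer told apart at this point, so a long-lived token could pass where a short-lived one is expected. I would add a comment such as `# With TOKEN_TYPE_CLAIM = None the token type is not checked; tokens of every kind signed with this key pass verify().`, plus a matching line that a token without a `jti` cannot be matched by any per-token revocation list. The comment also has a typo (`settings.As` should be `settings. As`), and there is a stray blank line between the `if` and `self.verify_token_type()`. `verify()` starts above the hunk and the body of `verify_token_type()` lies outside it, so the type-confusion reading is inferred from the names.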
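Review bot: `test_optional_jti` and `test_optional_type_token` only assert that a freshly built `MyToken()` omits the claim, so the relaxed branches this commit adds to `verify()` are never exercised. Assuming the constructor verifies a token passed to it, add a round trip inside each `with` block, e.g. `MyToken(str(token))`, to show that a token without the claim is accepted when the setting is `None`. A companion case with the default settings should confirm that a token lacking `jti` is still rejected with `TokenError`, so the opt-out cannot silently become the default behaviour.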