There should be no jti instead of a jwtid?
jwt.verify(token, cert, { audience: 'urn:foo', issuer: 'urn:issuer', jwtid: 'jwtid' }, function(err, decoded) {
According to https://tools.ietf.org/html/rfc7519#section-4.1.7 JWT ID should be named jti, or am I wrong?
It is named jwtid only in the options, to make it more readable, same thing happens there with audience instead of aud or issuer instead of iss.
Ok, thank you
Most helpful comment
It is named
jwtidonly in the options, to make it more readable, same thing happens there withaudienceinstead ofaudorissuerinstead ofiss.