feat(JWT Node): Add an option to allow a "kid" (key ID) header claim (#9797)

Co-authored-by: कारतोफ्फेलस्क्रिप्ट™ <aditya@netroy.in>
2025-12-17 18:12:04 +00:00 · 2024-06-19 15:28:55 -04:00
parent 106b0ac1a0
commit 15d631c412
2 changed files with 359 additions and 137 deletions
--- a/packages/nodes-base/nodes/Jwt/Jwt.node.ts
+++ b/packages/nodes-base/nodes/Jwt/Jwt.node.ts
@@ -260,6 +260,20 @@ export class Jwt implements INodeType {
 							},
 						},
 					},
+					{
+						displayName: 'Key ID',
+						name: 'kid',
+						type: 'string',
+						placeholder: 'e.g. 123456',
+						default: '',
+						description:
+							'The kid (key ID) claim is an optional header claim, used to specify the key for validating the signature',
+						displayOptions: {
+							show: {
+								'/operation': ['sign'],
+							},
+						},
+					},
 					{
 						displayName: 'Override Algorithm',
 						name: 'algorithm',
@@ -349,6 +363,7 @@ export class Jwt implements INodeType {
 				ignoreExpiration?: boolean;
 				ignoreNotBefore?: boolean;
 				clockTolerance?: number;
+				kid?: string;
 			};

 			try {
@@ -375,9 +390,12 @@ export class Jwt implements INodeType {
 						secretOrPrivateKey = formatPrivateKey(credentials.privateKey);
 					}

-					const token = jwt.sign(payload, secretOrPrivateKey, {
+					const signingOptions: jwt.SignOptions = {
 						algorithm: options.algorithm ?? credentials.algorithm,
-					});
+					};
+					if (options.kid) signingOptions.keyid = options.kid;
+
+					const token = jwt.sign(payload, secretOrPrivateKey, signingOptions);

 					returnData.push({
 						json: { token },