From a1affe960d0fc52e9042bcbdedb65734f8855580 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jose=CC=81=20F=2E=20Romaniello?=
Date: Tue, 16 Feb 2016 08:48:11 -0300
Subject: [PATCH] added missing validations of sub and jti
---
 index.js | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/index.js b/index.js
index 221dba2..1e14169 100644
--- a/index.js
+++ b/index.js
@@ -258,6 +258,18 @@ JWT.verify = function(jwtString, secretOrPublicKey, options, callback) {
 return done(new JsonWebTokenError('jwt issuer invalid. expected: ' + options.issuer));
 }
 
+ if (options.subject) {
+ if (payload.sub !== options.subject) {
+ return done(new JsonWebTokenError('jwt subject invalid. expected: ' + options.subject));
+ }
+ }
+
+ if (options.jwtid) {
+ if (payload.jti !== options.jwtid) {
+ return done(new JsonWebTokenError('jwt jwtid invalid. expected: ' + options.jwtid));
+ }
+ }
+
 if (options.maxAge) {
 var maxAge = ms(options.maxAge);
 if (typeof payload.iat !== 'number') {
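Review bot: The new guards `if (options.subject)` and `if (options.jwtid)` are truthiness tests, so a caller who passes `''`, `0` or `null` (for example a subject read from an unset config field) gets no sub/jti comparison and the token is accepted as if the option had not been given. A verification option should fail closed: `if (options.subject !== undefined && payload.sub !== options.subject) {`, with the same shape for `jwtid`, which also removes the nested `if`. Both messages append the expected value (`'... expected: ' + options.subject`), so code that relays `err.message` to the client discloses the subject or token id the server requires; this matches the issuer message in the context lines, but is worth a comment for callers. The diffstat lists only index.js, so the two checks arrive without a test for a mismatching or missing `sub`/`jti`. The body of `JWT.verify` starts and ends outside this hunk, so how `options` is normalised before these lines is not visible here.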