fix: only add sub when provide

Author: zhengzheng-jason

src/wrapper/ReferralExchangeJwtClient.ts

@@ -107,17 +107,18 @@ function createSignedJwt({ privateKey, issuer, subject }: CreateSignedJwtArgs):
 } {
     const issuedAt = Math.floor(Date.now() / 1000);
     const expiresAtEpochSeconds = issuedAt + JWT_TTL_SECONDS;
+    const signOptions: jwt.SignOptions = {
+        algorithm: "ES256",
+        issuer,
+        expiresIn: JWT_TTL_SECONDS,
+    };
+
+    // Only add the claim if a value is provided(not null or undefined) 
+    if (subject != null) {
+        signOptions.subject = subject;
+    }
 
-    const token = jwt.sign(
-        {},
-        privateKey,
-        {
-            algorithm: "ES256",
-            issuer,
-            expiresIn: JWT_TTL_SECONDS,
-            subject,
-        },
-    );
+    const token = jwt.sign({}, privateKey, signOptions);
 
     return {
         token,

tests/unit/wrapper/ReferralExchangeJwtClient.test.ts

@@ -57,6 +57,28 @@ describe("ReferralExchangeJwtClient", () => {
         );
     });
 
+    it("omits subject claim when not provided", async () => {
+        signMock.mockReturnValue("token-1");
+
+        const client = new ReferralExchangeJwtClient({
+            privateKey: "fake-private-key",
+            apiKeyName: "issuer",
+        });
+
+        const fetcher = ((client as any)._options.fetcher) as (args: typeof requestArgs) => Promise<unknown>;
+
+        await fetcher(requestArgs);
+
+        const [, , options] = signMock.mock.calls[0];
+        expect(options).toEqual(
+            expect.objectContaining({
+                issuer: "issuer",
+                algorithm: "ES256",
+            }),
+        );
+        expect(options).not.toHaveProperty("subject");
+    });
+
     it("includes subject claim when provided", async () => {
         signMock.mockReturnValue("token-1");