Added a field to the user JWT that disables nonce verification when set.

account_claims_test.go

@@ -228,7 +228,7 @@ func TestAccountImports(t *testing.T) {
 func TestNewNilAccountClaim(t *testing.T) {
 	v := NewAccountClaims("")
 	if v != nil {
-		t.Fatal(fmt.Sprintf("expected nil account claim"))
+		t.Fatal("expected nil account claim")
 	}
 }
 

activation_claims_test.go

@@ -136,7 +136,7 @@ func TestPublicIsNotValid(t *testing.T) {
 func TestNilActivationClaim(t *testing.T) {
 	v := NewActivationClaims("")
 	if v != nil {
-		t.Fatal(fmt.Sprintf("expected nil user claim"))
+		t.Fatal("expected nil user claim")
 	}
 }
 

cluster_claims_test.go

@@ -113,7 +113,7 @@ func TestClusterSubjects(t *testing.T) {
 func TestNewNilClusterClaims(t *testing.T) {
 	v := NewClusterClaims("")
 	if v != nil {
-		t.Fatal(fmt.Sprintf("expected nil user claim"))
+		t.Fatal("expected nil user claim")
 	}
 }
 

go.mod

@@ -1,3 +1,5 @@
 module github.com/nats-io/jwt
 
 require github.com/nats-io/nkeys v0.1.3
+
+go 1.13

operator_claims_test.go

@@ -110,7 +110,7 @@ func TestInvalidOperatorClaimIssuer(t *testing.T) {
 func TestNewNilOperatorClaims(t *testing.T) {
 	v := NewOperatorClaims("")
 	if v != nil {
-		t.Fatal(fmt.Sprintf("expected nil user claim"))
+		t.Fatal("expected nil user claim")
 	}
 }
 

server_claims_test.go

@@ -113,7 +113,7 @@ func TestServerSubjects(t *testing.T) {
 func TestNewNilServerClaims(t *testing.T) {
 	v := NewServerClaims("")
 	if v != nil {
-		t.Fatal(fmt.Sprintf("expected nil user claim"))
+		t.Fatal("expected nil user claim")
 	}
 }
 

user_claims.go

@@ -40,6 +40,8 @@ type UserClaims struct {
 	// IssuerAccount stores the public key for the account the issuer represents.
 	// When set, the claim was issued by a signing key.
 	IssuerAccount string `json:"issuer_account,omitempty"`
+	// When BearerToken is true server will ignore any nonce-signing verification
+	BearerToken bool `json:"bearer_token,omitempty"`
 }
 
 // NewUserClaims creates a user JWT with the specific subject/public key
@@ -97,3 +99,8 @@ func (u *UserClaims) Payload() interface{} {
 func (u *UserClaims) String() string {
 	return u.ClaimsData.String(u)
 }
+
+// IsBearerToken returns true if nonce-signing requirements should be skipped
+func (u *UserClaims) IsBearerToken() bool {
+	return u.BearerToken
+}

user_claims_test.go

@@ -113,7 +113,7 @@ func TestUserSubjects(t *testing.T) {
 func TestNewNilUserClaim(t *testing.T) {
 	v := NewUserClaims("")
 	if v != nil {
-		t.Fatal(fmt.Sprintf("expected nil user claim"))
+		t.Fatal("expected nil user claim")
 	}
 }