index.js

@@ -38,15 +38,33 @@ JWT.decode = function (jwt, options) {
   return payload;
 };
 
+var payload_options = [
+  'expiresIn',
+  'notBefore',
+  'expiresInMinutes',
+  'expiresInSeconds',
+  'audience',
+  'issuer',
+  'subject',
+  'jwtid'
+];
+
 JWT.sign = function(payload, secretOrPrivateKey, options, callback) {
   options = options || {};
-  payload = typeof payload === 'object' ? xtend(payload) : payload;
   var header = {};
 
   if (typeof payload === 'object') {
     header.typ = 'JWT';
+    payload = xtend(payload);
+  } else {
+    var invalid_option = payload_options.filter(function (key) {
+      return typeof options[key] !== 'undefined';
+    })[0];
+
+    console.warn('invalid "' + invalid_option + '" option for ' + (typeof payload) + ' payload');
   }
 
+
   header.alg = options.algorithm || 'HS256';
 
   if (options.headers) {

package.json

@@ -1,6 +1,6 @@
 {
   "name": "jsonwebtoken",
-  "version": "5.5.2",
+  "version": "5.5.3",
   "description": "JSON Web Token implementation (symmetric and asymmetric)",
   "main": "index.js",
   "scripts": {

test/bug_147.tests.js → test/issue_147.tests.js

@@ -1,7 +1,7 @@
 var jwt = require('../index');
 var expect = require('chai').expect;
 
-describe('signing with a sealed payload', function() {
+describe('issue 147 - signing with a sealed payload', function() {
 
   it('should put the expiration claim', function () {
     var token = jwt.sign(Object.seal({foo: 123}), '123', { expiresIn: 10 });

test/non_object_values.tests.js

@@ -10,6 +10,13 @@ describe('non_object_values values', function() {
     expect(result).to.equal('hello');
   });
 
+  //v6 version will throw in this case:
+  it.skip('should throw with expiresIn', function () {
+    expect(function () {
+      jwt.sign('hello', '123', { expiresIn: '12h' });
+    }).to.throw(/invalid expiresIn option for string payload/);
+  });
+
   it('should fail to validate audience when the payload is string', function () {
     var token = jwt.sign('hello', '123');
     expect(function () {