feat: Remove nonce from jwt encode payload

lib/keypair.rb

@@ -145,11 +145,7 @@ def jwt_encode(payload, headers = {})
 
       # Expiration time on or after which the tool MUST NOT accept the ID Token for
       # processing (epoch). This is mostly used to allow some clock skew.
-      exp: Time.now.to_i + 5.minutes.to_i,
-
-      # String value used to associate a tool session with an ID Token, and to mitigate replay
-      # attacks. The nonce value is a case-sensitive string.
-      nonce: SecureRandom.uuid
+      exp: Time.now.to_i + 5.minutes.to_i
     )
 
     # Add additional info into the headers

spec/models/keypair_spec.rb

@@ -312,18 +312,14 @@
           expect(decoded).to include payload
         end
         it 'adds security payloads' do
-          expect(decoded.keys).to match_array %i[hex nested iat exp nonce]
+          expect(decoded.keys).to match_array %i[hex nested iat exp]
         end
         it 'sets iat to now', timecop: :freeze do
           expect(decoded[:iat]).to eq Time.current.to_i
         end
         it 'sets exp to 5 minutes from now', timecop: :freeze do
           expect(decoded[:exp]).to eq 5.minutes.from_now.to_i
         end
-        it 'sets a generated nonce' do
-          allow(SecureRandom).to receive(:uuid).and_return 'my-nonce'
-          expect(decoded[:nonce]).to eq 'my-nonce'
-        end
         it 'is encoded with the keypair and correct algorithm' do
           expect do
             JWT.decode(subject, keypair.public_key, true, algorithm: described_class::ALGORITHM)
@@ -340,12 +336,10 @@
         let(:payload) { { foo: 'bar', exp: 1.minute.ago.to_i } }
 
         it 'returns a JWT with the correct payload' do
-          allow(SecureRandom).to receive(:uuid).and_return 'my-nonce'
           expect(decoded).to eq(
             foo: 'bar',
             iat: Time.current.to_i,
-            exp: 1.minute.ago.to_i,
-            nonce: 'my-nonce'
+            exp: 1.minute.ago.to_i
           )
         end
         it 'is cannot be decoded' do