Remove nbf parameter from JWT Token in Token Profile.

Hi All,

When Pega uses the pxGenerateJWT activity to generate a JWT token, by default it includes optional claim attributes like nbf.

Our problem -

There is a clock time difference between the Pega server and the external application server, because of which the JWT generated from Pega is failing at the consumer end. nbf is the current time when Pega generates the token, but for the external system it's a future date due to the clock issue.

The external system requests that we not pass the nbf claim in the JWT as a quick resolution.

Is there any way to exclude optional claims from the JWT?

@Jyotiram J

There is no switch in the Token Profile or pxGenerateJWT activity to turn off only the nbf claim – nbf is generated from the “Processed not before (in seconds)” setting in the Token lifetime section and is always added when Pega builds the token. Because of that, you cannot exclude nbf from a JWT while still using the standard Token Profile + pxGenerateJWT path.

The recommended fix is to correct the clock skew between the Pega server and the external server (for example, by using NTP on both sides) so that nbf and the consumer’s system time are in sync. Alternatively, if the consumer supports it, you can ask them to configure an allowed clock skew or to ignore the nbf claim, which is optional per the JWT spec.

If you must remove nbf completely, the only real workaround is to stop using pxGenerateJWT and instead generate the JWT in a custom activity or Java step where you manually build the header and payload and sign it with your own code/libraries, adding only the claims you need. In that custom implementation you include exp/iat as required by the consumer and simply omit nbf. This means you will not be able to use the Token Profile “preview” or other built-in helpers, but you will have full control over the claims.

In short, out of the box you cannot remove nbf; either fix the time difference / consumer validation or implement a custom JWT generator.
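The two options from the answer above (a consumer-side allowed clock skew, and a custom-built token that omits nbf), as an added example that is not part of the original thread and is not Pega code. It assumes HS256 with a shared secret, which the thread does not specify; the `issue` and `verify` helpers, the issuer name, the secret and the timestamps are all hypothetical or constructed.

```python
import base64, hashlib, hmac, json

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(secret: bytes, signing_input: str) -> bytes:
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def issue(secret: bytes, now: int, ttl: int = 300, include_nbf: bool = True) -> str:
    """Issuer side (hypothetical helper): HS256 JWT, nbf only when requested."""
    claims = {"iss": "issuer.example", "iat": now, "exp": now + ttl}
    if include_nbf:
        claims["nbf"] = now  # issuer's clock, which the consumer may see as "future"
    parts = ({"alg": "HS256", "typ": "JWT"}, claims)
    signing_input = ".".join(
        _b64(json.dumps(p, separators=(",", ":")).encode()) for p in parts)
    return signing_input + "." + _b64(_sign(secret, signing_input))

def verify(token: str, secret: bytes, now: int, leeway: int = 0) -> dict:
    """Consumer side: signature first, then exp/nbf with an allowed clock skew."""
    try:
        head, body, sig = token.split(".")
        alg = json.loads(_unb64(head)).get("alg")
        given = _unb64(sig)
    except (ValueError, AttributeError):
        raise ValueError("malformed token")
    if alg != "HS256":  # pin the algorithm; never trust the header's choice
        raise ValueError("unexpected alg")
    if not hmac.compare_digest(given, _sign(secret, head + "." + body)):
        raise ValueError("bad signature")
    claims = json.loads(_unb64(body))
    exp, nbf = claims.get("exp"), claims.get("nbf")
    if not isinstance(exp, (int, float)) or now >= exp + leeway:
        raise ValueError("expired")
    if nbf is not None and now + leeway < nbf:  # nbf is optional (RFC 7519)
        raise ValueError("not yet valid")
    return claims

if __name__ == "__main__":
    secret = b"constructed-demo-secret"          # constructed sample values
    issuer_now, consumer_now = 1_700_000_000, 1_700_000_000 - 45
    print(verify(issue(secret, issuer_now), secret, consumer_now, leeway=60))
```

The same `leeway` widens the exp check as well, so keeping it close to the actual clock drift limits how long an expired token stays accepted.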