There are some claims the payload should not be able to overwrite.

rohe · rohe · commit 566921d78553 · 2018-11-15T17:09:54.000+01:00
Bumped version.
diff --git a/src/cryptojwt/__init__.py b/src/cryptojwt/__init__.py
@@ -15,7 +15,7 @@
 except ImportError:
     pass
 
-__version__ = '0.6.1'
+__version__ = '0.6.2'
 
 logger = logging.getLogger(__name__)
 
diff --git a/src/cryptojwt/jwt.py b/src/cryptojwt/jwt.py
@@ -181,7 +181,10 @@ def pack(self, payload=None, kid='', owner='', recv='', aud=None, **kwargs):
         :param kwargs: Extra keyword arguments
         :return: A signed or signed and encrypted JsonWebtoken
         """
-        _args = self.pack_init(recv, aud)
+        _args = {}
+        if payload is not None:
+            _args.update(payload)
+        _args.update(self.pack_init(recv, aud))
 
         try:
             _encrypt = kwargs['encrypt']
@@ -198,9 +201,6 @@ def pack(self, payload=None, kid='', owner='', recv='', aud=None, **kwargs):
 
             _args['jti'] = _jti
 
-        if payload is not None:
-            _args.update(payload)
-
         if not owner and self.iss:
             owner = self.iss
 
