diff --git a/packages/asap-core/src/fetch.ts b/packages/asap-core/src/fetch.ts
index 385222f..99ab8fa 100644
--- a/packages/asap-core/src/fetch.ts
+++ b/packages/asap-core/src/fetch.ts
@@ -40,9 +40,7 @@ export function createPublicKeyFetcher({
     })
   );
 
-  return async function getPublicKey(
-    keyId: string
-  ): Promise<string | undefined> {
+  return async function getPublicKey(keyId: string): Promise<string> {
     let value = cache.get<string>(keyId);
 
     if (value) {
diff --git a/packages/asap-core/test/generate_test.ts b/packages/asap-core/test/generate_test.ts
index 49d13da..d83e6b0 100644
--- a/packages/asap-core/test/generate_test.ts
+++ b/packages/asap-core/test/generate_test.ts
@@ -99,16 +99,6 @@ describe('createAuthHeaderGenerator', () => {
       expect(token).to.not.be.undefined;
     });
 
-    it('generates the same token if called twice within 9 minutes', () => {
-      const generator = createAuthHeaderGenerator(jwtConfig);
-
-      const firstToken = generateToken(generator);
-      currentTime += 9 * 60 * 1000;
-      const secondToken = generateToken(generator);
-
-      expect(firstToken).to.deep.equal(secondToken);
-    });
-
     it('generates unique tokens if called after 9 minutes', () => {
       const generator = createAuthHeaderGenerator(jwtConfig);
 
@@ -119,17 +109,6 @@ describe('createAuthHeaderGenerator', () => {
       expect(firstToken).not.to.equal(secondToken);
     });
 
-    it('generates the same token if called twice within custom age', () => {
-      jwtConfig.tokenMaxAgeMs = 10 * 60 * 1000 - 1;
-      const generator = createAuthHeaderGenerator(jwtConfig);
-
-      const firstToken = generateToken(generator);
-      currentTime += 10 * 60 * 1000 - 1;
-      const secondToken = generateToken(generator);
-
-      expect(firstToken).to.deep.equal(secondToken);
-    });
-
     it('fails if missing keyId', () => {
       delete jwtConfig.keyId;
 
@@ -157,7 +136,7 @@ describe('createAuthHeaderGenerator', () => {
     it('fails if invalid privateKey', () => {
       jwtConfig.privateKey = 'this is not a valid key';
 
-      expect(() => createAuthHeaderGenerator(jwtConfig)).to.throw(
+      expect(() => createAuthHeaderGenerator(jwtConfig)()).to.throw(
         /PEM.*no start line/
       );
     });
@@ -165,7 +144,7 @@ describe('createAuthHeaderGenerator', () => {
     it('fails if missing audience', () => {
       delete jwtConfig.audience;
 
-      expect(() => createAuthHeaderGenerator(jwtConfig)).to.throw(
+      expect(() => createAuthHeaderGenerator(jwtConfig)()).to.throw(
         /audience must be set/
       );
     });