This repository has been archived by the owner on May 21, 2022. It is now read-only.

Support array in "aud" claim #445

Open
milin-wish opened this issue Jan 18, 2021 · 5 comments

@milin-wish

Hi,

According to the spec, "In the general case, the "aud" value is an array of case-sensitive strings, each containing a StringOrURI value." Can you update this library to support an array in the "aud" value?

Thanks,
Mike

@Schalex1998

Hey,

we have the same issue when going from v3 to v4.

Best,
Alex

@quetzyg

quetzyg commented Feb 26, 2021

I just ran into this issue today. If I added this functionality, would you accept a pull request, @dgrijalva?

Scrap that, I just realised that the v4 branch has this sorted here.

@Schalex1998

Schalex1998 commented Feb 26, 2021

```go
jwt.Parse(token, func(token *jwt.Token) (i interface{}, e error) {
	return rsaPublicKey, nil
}, jwt.WithoutAudienceValidation())
```

we just removed the validation as workaround btw

@quetzyg

quetzyg commented Feb 26, 2021

> ```go
> jwt.Parse(token, func(token *jwt.Token) (i interface{}, e error) {
> 	return rsaPublicKey, nil
> }, jwt.WithoutAudienceValidation())
> ```
>
> we just removed the validation as workaround btw

That's just wrong.

@quetzyg

quetzyg commented Feb 26, 2021

For those that are stuck in version 3.x for the time being, this workaround does the trick:

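```go
// verifyAudience accepts "aud" as either a single string or an array of strings.
// For the array form it temporarily sets claims["aud"] to each string element so
// that the library's VerifyAudience can check it, then restores the original value.
func verifyAudience(claims jwt.MapClaims, audience string) bool {
	original := claims["aud"]

	switch aud := claims["aud"].(type) {
	case string:
		return claims.VerifyAudience(audience, true)
	case []interface{}:
		for _, val := range aud {
			// Non-string elements are skipped.
			if s, ok := val.(string); ok {
				claims["aud"] = s

				if claims.VerifyAudience(audience, true) {
					claims["aud"] = original

					return true
				}
			}
		}
	}

	claims["aud"] = original

	return false
}
```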

So instead of calling the VerifyAudience() method of jwt.MapClaims like:

```go
valid := claims.VerifyAudience("some.audience", true)
```

it would instead be:

```go
valid := verifyAudience(claims, "some.audience")
```
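
An added example, not code from any participant in this thread or from the library: a standard-library-only audience check that accepts both forms of "aud" from the spec quoted in the opening post, without disabling validation and without modifying the claims map. The helper name `audienceMatches` and the sample payloads are constructed for illustration, and the claims are assumed to come from a token whose signature has already been verified.

```go
package main

import (
	"crypto/subtle"
	"encoding/json"
	"fmt"
)

// audienceMatches reports whether want is listed in the "aud" claim, which may
// be a single string or an array of strings. It never modifies claims.
func audienceMatches(claims map[string]interface{}, want string, required bool) bool {
	raw, ok := claims["aud"]
	if !ok || raw == nil {
		return !required // claim absent: acceptable only if not required
	}
	var auds []string
	switch v := raw.(type) {
	case string:
		auds = []string{v}
	case []interface{}: // what encoding/json produces for a JSON array
		for _, e := range v {
			s, isStr := e.(string)
			if !isStr {
				return false // non-string element: treat the claim as malformed
			}
			auds = append(auds, s)
		}
	default:
		return false // number, object, ...: malformed claim
	}
	matched := 0
	for _, a := range auds {
		// Constant-time compare; OR-ing avoids an early exit on the first hit.
		matched |= subtle.ConstantTimeCompare([]byte(a), []byte(want))
	}
	return matched == 1 // an empty array matches nothing
}

func main() {
	// Constructed sample payloads, not taken from the thread.
	for _, p := range []string{`{"aud":"some.audience"}`, `{"aud":["other","some.audience"]}`, `{"aud":["other"]}`, `{"aud":["some.audience",7]}`} {
		var c map[string]interface{}
		if err := json.Unmarshal([]byte(p), &c); err != nil {
			panic(err)
		}
		fmt.Println(p, audienceMatches(c, "some.audience", true))
	}
}
```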
