Commit 3502f4f

authored

fixes problem with multiple aud

In some cases, auth0 includes a second aud for userinfo endpoint. Tokens can have multiple target audiences as long as the custom API’s signing algorithm is set to RS256. Works with auth0 if machine-to-machine api userinfo is added as a second aud. This patch prevents JWT validation from failing in that case. See https://community.auth0.com/t/my-token-has-multiple-audiences-is-that-normal/41417

1 parent 3c4b24f commit 3502f4fCopy full SHA for 3502f4f

File tree

1 file changed

-2

lines changed

src/Tqdev/PhpCrudApi/Middleware
- JwtAuthMiddleware.php

1 file changed

-2

lines changed

`‎src/Tqdev/PhpCrudApi/Middleware/JwtAuthMiddleware.php‎`

Lines changed: 6 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -69,8 +69,12 @@ private function getVerifiedClaims(string $token, int $time, int $leeway, int $t`
`69`	`69`	`foreach ($requirements as $field => $values) {`
`70`	`70`	`if (!empty($values)) {`
`71`	`71`	`if ($field != 'alg') {`
`72`		`- if (!isset($claims[$field]) \|\| !in_array($claims[$field], $values)) {`
`73`		`- return array();`
	`72`	`+ if (!isset($claims[$field]) ) {`
	`73`	`+ if ( is_string( $claims[$field] ) && !in_array($claims[$field], $values) ) {`
	`74`	`+ return array();`
	`75`	`+ } else if ( is_array( $claims[$field] ) && !in_array($claims[$field][0], $values) && !in_array($claims[$field][1], $values) ) {`
	`76`	`+ return array();`
	`77`	`+ }`
`74`	`78`	`}`
`75`	`79`	`}`
`76`	`80`	`}`

0 commit comments

Comments

(0)

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit 3502f4f

File tree

1 file changed

1 file changed

`‎src/Tqdev/PhpCrudApi/Middleware/JwtAuthMiddleware.php‎`

0 commit comments