fixes problem with multiple aud #791
In some cases, Auth0 includes a second aud for the userinfo endpoint. Tokens can have multiple target audiences as long as the custom API’s signing algorithm is set to RS256. Works with Auth0 if machine-to-machine API userinfo is added as a second aud. This patch prevents JWT validation from failing in that case. See https://community.auth0.com/t/my-token-has-multiple-audiences-is-that-normal/41417
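The multi-audience case from the description above, as an added example that is not the project's code or part of this pull request: an audience check that accepts `aud` as either a string or an array of strings (RFC 7519, section 4.1.3), next to a hypothetical string-only check that rejects the same token. All function names, URLs and claim values are constructed for illustration, and the claims are assumed to come from a token whose signature and expiry were already verified.

```python
# Added example: "aud" validation for single- and multi-audience tokens.
# Assumption: signature and expiry checks already passed for these claims.

ACCEPTED = ["https://api.example.test/"]  # constructed: audiences this API accepts

# Constructed claim sets: one audience, and API plus userinfo audiences.
SINGLE = {"sub": "client@clients", "aud": "https://api.example.test/"}
MULTI = {
    "sub": "client@clients",
    "aud": ["https://api.example.test/", "https://tenant.example.test/userinfo"],
}


def naive_audience_matches(claims, accepted):
    """Hypothetical string-only check: an array-valued "aud" never matches."""
    return claims.get("aud") in accepted


def audience_matches(claims, accepted):
    """Return True if "aud" names at least one accepted audience.

    Both allowed shapes (string, array of strings) are normalised to a list.
    Anything else is rejected rather than coerced.
    """
    if not accepted:
        raise ValueError("no accepted audiences configured")  # fail closed
    aud = claims.get("aud")
    if isinstance(aud, str):
        candidates = [aud]
    elif isinstance(aud, list) and aud and all(isinstance(a, str) for a in aud):
        candidates = aud
    else:
        return False  # missing claim, empty array, number, object, mixed array
    # Exact comparison only: a prefix or substring of an audience is no match.
    return any(a in accepted for a in candidates)


if __name__ == "__main__":
    for name, claims in (("single", SINGLE), ("multi", MULTI)):
        print(name, naive_audience_matches(claims, ACCEPTED),
              audience_matches(claims, ACCEPTED))
```

A token passes only when one of its audiences is exactly equal to a configured value, so adding the userinfo audience does not widen what the API accepts.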
Hi Brian,
Thank you very much for your contribution. This looks like a very good commit to me. Sorry that it took me a while to review it. I needed some time to look at it properly.
@bcash Can you review this commit?
Let me know what you think. Maybe you can even test it before I release a new version? It is on the master branch. I would really appreciate that.
Kind regards, Maurits
Looks good to me!