pilcrowOnPaper / oslo

A collection of auth-related utilities

Home Page: https://oslo.js.org

JWT `aud` Claim Does Not Match JWT Spec

juriadams opened this issue

Upon reviewing the oslo module, I've found its features compelling and plan on integrating it into our production applications. However, I've noticed an inconsistency concerning the oslo/jwt not completely adhering to the JWT spec.

According to Section 4.1.3 of the spec, the aud claim should usually be an array of strings, although it can also be just a string.

Section 4.1.3 JWT Spec

Looking at your library's source code, I noticed that it only supports string as the type of audience. Can you confirm if this was an intentional design decision?

If not, I am happy to contribute by making a PR to resolve this issue.

Oh, TIL! Yeah this wasn't intentional.

As for the implementation/fix, maybe we should make JWT.audience always be an array instead of string | string[] so you wouldn't need to check for the type

Fixed with 0.26.0
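The normalization suggested in the thread, as an added example that is not oslo's code: `normalizeAudience`, `isIntendedFor` and the sample payloads are hypothetical names and constructed values. It accepts both forms that Section 4.1.3 allows, always returns an array, and rejects a payload whose audience does not name the expected recipient; treating a missing `aud` as a non-match is an assumption of this sketch.

```typescript
// Added example; names are hypothetical and not taken from oslo.
type JWTPayload = Record<string, unknown>;

// RFC 7519 section 4.1.3: "aud" is an array of case-sensitive strings,
// or a single string when there is only one audience.
// Normalizing to string[] means callers never branch on the type.
function normalizeAudience(payload: JWTPayload): string[] {
  const aud = payload["aud"];
  if (aud === undefined) return []; // claim is optional
  if (typeof aud === "string") return [aud];
  if (Array.isArray(aud) && aud.every((v) => typeof v === "string")) {
    return aud as string[];
  }
  // Numbers, objects, null or mixed arrays are not a valid audience.
  throw new TypeError("invalid aud claim: expected string or string[]");
}

// The recipient must find itself in "aud", otherwise the token is rejected.
// Assumption of this sketch: a token without "aud" is also treated as
// not intended for us, which is the stricter of the possible policies.
function isIntendedFor(payload: JWTPayload, expected: string): boolean {
  // Exact, case-sensitive comparison; no prefix or substring matching.
  return normalizeAudience(payload).indexOf(expected) !== -1;
}

// Constructed sample payloads (already decoded and signature-checked).
const singleAudience: JWTPayload = { sub: "user-1", aud: "https://api.example.com" };
const multiAudience: JWTPayload = {
  sub: "user-1",
  aud: ["https://api.example.com", "https://admin.example.com"],
};
const noAudience: JWTPayload = { sub: "user-1" };
const malformedAudience: JWTPayload = { sub: "user-1", aud: ["https://api.example.com", 42] };
```
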