JWT `aud` Claim Does Not Match JWT Spec
juriadams opened this issue · comments
Upon reviewing the `oslo` module, I've found its features compelling and plan on integrating it into our production applications. However, I've noticed an inconsistency concerning `oslo/jwt` not completely adhering to the JWT spec.
According to Section 4.1.3 of the spec, the `aud` claim should usually be an array of strings, although it can also be just a string.
Looking at your library's source code, I noticed that it only supports `string` as the type of `audience`. Can you confirm if this was an intentional design decision?
If not, I am happy to contribute by making a PR to resolve this issue.
Oh, TIL! Yeah this wasn't intentional.
As for the implementation/fix, maybe we should make `JWT.audience` always be an array instead of `string | string[]` so you wouldn't need to check for the type.
Fixed with 0.26.0
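
The normalization discussed in this thread, as an added example that is not part of the original issue and is not oslo's own code: it accepts both forms of `aud` allowed by Section 4.1.3 of the JWT spec, always returns an array, and fails closed on a missing or malformed claim. The names `JWTPayload`, `normalizeAudience` and `audienceMatches` and the sample payloads are assumptions made for illustration.

```typescript
// Added example: hypothetical helper names, not the oslo/jwt API.
type JWTPayload = Record<string, unknown>;

// Normalize the "aud" claim to string[] (JWT spec, Section 4.1.3).
// Returns [] when the claim is absent; throws when it is neither a
// string nor an array made up only of strings.
function normalizeAudience(payload: JWTPayload): string[] {
  const aud = payload["aud"];
  if (aud === undefined) return [];
  if (typeof aud === "string") return [aud];
  if (Array.isArray(aud) && aud.every((v) => typeof v === "string")) {
    return aud as string[];
  }
  throw new Error("Invalid 'aud' claim: expected string or string[]");
}

// Accept the token only if at least one of our own identifiers is listed.
// Comparison is exact and case-sensitive. A token without "aud" does not
// match, so a verifier that requires an audience rejects it.
function audienceMatches(payload: JWTPayload, expected: string[]): boolean {
  const audiences = normalizeAudience(payload);
  return audiences.some((a) => expected.includes(a));
}

// Constructed sample payloads, already decoded. Signature verification is
// out of scope here and must happen before any claim is trusted.
const single: JWTPayload = { sub: "user-1", aud: "https://api.example.com" };
const multi: JWTPayload = {
  sub: "user-1",
  aud: ["https://api.example.com", "https://admin.example.com"],
};
const malformed: JWTPayload = {
  sub: "user-1",
  aud: ["https://api.example.com", 42],
};
```
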