
Commit 5171ed4

committed
Merge pull request auth0#5 from skarkkai-p/array-valued-audience
Support array-valued audience
2 parents 8477daf + 62ad8b9 commit 5171ed4


2 files changed

+43
-7
lines changed


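--- a/src/main/java/com/auth0/jwt/JWTVerifier.java
+++ b/src/main/java/com/auth0/jwt/JWTVerifier.java
@@ -1,6 +1,5 @@
 package com.auth0.jwt;
 
-import com.fasterxml.jackson.core.type.TypeReference;
 import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import org.apache.commons.codec.binary.Base64;
@@ -125,11 +124,21 @@ void verifyIssuer(JsonNode jwtClaims) {
 }
 
 void verifyAudience(JsonNode jwtClaims) {
-final String audienceFromToken = jwtClaims.has("aud") ? jwtClaims.get("aud").asText() : null;
-
-if (audienceFromToken != null && !audience.equals(audienceFromToken)) {
-throw new IllegalStateException("jwt audience invalid");
+if (audience == null)
+return;
+JsonNode audNode = jwtClaims.get("aud");
+if (audNode == null)
+return;
+if (audNode.isArray()) {
+for (JsonNode jsonNode : audNode) {
+if (audience.equals(jsonNode.textValue()))
+return;
+}
+} else if (audNode.isTextual()) {
+if (audience.equals(audNode.textValue()))
+return;
 }
+throw new IllegalStateException("jwt audience invalid");
 }
 
 String getAlgorithm(JsonNode jwtHeader) {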
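Review bot: A token that carries no `aud` claim is still accepted when the verifier was built with an expected audience, because `if (audNode == null) return;` in verifyAudience returns before any comparison is made. A relying party that configures an audience normally wants the claim to be mandatory; otherwise a token issued for another service under the same key, but without `aud`, passes this check. Consider `if (audNode == null) throw new IllegalStateException("jwt audience invalid");`. The test file's hunk header names shouldVerifyAudienceWhenNotFoundInClaimsSet, so the lenient behaviour looks intentional and that test would have to change with it. A short comment on the method stating that a JSON null, number or object `aud` falls through to the final throw would also document the fail-closed default.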

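--- a/src/test/java/com/auth0/jwt/JWTVerifierTest.java
+++ b/src/test/java/com/auth0/jwt/JWTVerifierTest.java
@@ -1,14 +1,15 @@
 package com.auth0.jwt;
 
 import com.fasterxml.jackson.databind.JsonNode;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.node.ArrayNode;
 import com.fasterxml.jackson.databind.node.JsonNodeFactory;
 import com.fasterxml.jackson.databind.node.ObjectNode;
+
 import org.apache.commons.codec.binary.Base64;
 import org.junit.Test;
 
 import java.security.SignatureException;
-import java.util.Collections;
-import java.util.Map;
 
 import static org.junit.Assert.assertEquals;
 
@@ -137,6 +138,26 @@ public void shouldVerifyAudienceWhenNotFoundInClaimsSet() throws Exception {
 .verifyAudience(JsonNodeFactory.instance.objectNode());
 }
 
+@Test
+public void shouldVerifyNullAudience() throws Exception {
+new JWTVerifier("such secret")
+.verifyAudience(createSingletonJSONNode("aud", "wow"));
+}
+
+@Test
+public void shouldVerifyArrayAudience() throws Exception {
+new JWTVerifier("such secret", "amaze audience")
+.verifyAudience(createSingletonJSONNode("aud",
+new ObjectMapper().readValue("[ \"foo\", \"amaze audience\" ]", ArrayNode.class)));
+}
+
+@Test(expected = IllegalStateException.class)
+public void shouldFailArrayAudience() throws Exception {
+new JWTVerifier("such secret", "amaze audience")
+.verifyAudience(createSingletonJSONNode("aud",
+new ObjectMapper().readValue("[ \"foo\" ]", ArrayNode.class)));
+}
+
 @Test
 public void decodeAndParse() throws Exception {
 final Base64 encoder = new Base64(true);
@@ -156,4 +177,10 @@ public static JsonNode createSingletonJSONNode(String key, String value) {
 jsonNodes.put(key, value);
 return jsonNodes;
 }
+
+public static JsonNode createSingletonJSONNode(String key, JsonNode value) {
+final ObjectNode jsonNodes = JsonNodeFactory.instance.objectNode();
+jsonNodes.put(key, value);
+return jsonNodes;
+}
 }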
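Review bot: The added tests cover an array that matches and one that does not, but none of the fail-closed paths in verifyAudience: an `aud` that is neither text nor array (a number or JSON null) and an empty array. Each should raise IllegalStateException when an audience is configured, and negative tests would stop a later refactor from turning the final throw into a silent accept. shouldVerifyNullAudience appears to exercise a verifier built without an audience rather than a null claim, so a name such as shouldSkipAudienceCheckWhenNoneConfigured would describe it better. The tests below are a sketch that reuses the new createSingletonJSONNode(String, JsonNode) overload.

```java
@Test(expected = IllegalStateException.class)
public void shouldFailNonTextualAudience() throws Exception {
    new JWTVerifier("such secret", "amaze audience")
            .verifyAudience(createSingletonJSONNode("aud",
                    JsonNodeFactory.instance.numberNode(42)));
}

@Test(expected = IllegalStateException.class)
public void shouldFailEmptyArrayAudience() throws Exception {
    new JWTVerifier("such secret", "amaze audience")
            .verifyAudience(createSingletonJSONNode("aud",
                    JsonNodeFactory.instance.arrayNode()));
}
```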
