
Commit 98a3c55

author
Samuli Kärkkäinen
committed
Support array-valued 'aud'
Also don't break if user hasn't specified non-null audience.
1 parent 8477daf commit 98a3c55


1 file changed

+14
-5
lines changed


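--- a/src/main/java/com/auth0/jwt/JWTVerifier.java
+++ b/src/main/java/com/auth0/jwt/JWTVerifier.java
@@ -1,6 +1,5 @@
 package com.auth0.jwt;
 
-import com.fasterxml.jackson.core.type.TypeReference;
 import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import org.apache.commons.codec.binary.Base64;
@@ -125,11 +124,21 @@ void verifyIssuer(JsonNode jwtClaims) {
 }
 
 void verifyAudience(JsonNode jwtClaims) {
-final String audienceFromToken = jwtClaims.has("aud") ? jwtClaims.get("aud").asText() : null;
-
-if (audienceFromToken != null && !audience.equals(audienceFromToken)) {
-throw new IllegalStateException("jwt audience invalid");
+if (audience == null)
+return;
+JsonNode audNode = jwtClaims.get("aud");
+if (audNode == null)
+return;
+if (audNode.isArray()) {
+for (JsonNode jsonNode : audNode) {
+if (audience.equals(jsonNode.textValue()))
+return;
+}
+} else if (audNode.isTextual()) {
+if (audience.equals(audNode.textValue()))
+return;
 }
+throw new IllegalStateException("jwt audience invalid");
 }
 
 String getAlgorithm(JsonNode jwtHeader) {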
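Review bot: In `verifyAudience`, a token with no `aud` claim is still accepted when the verifier has an expected audience configured, because `if (audNode == null) return;` treats the missing claim as a pass. When the caller has asked for an audience check, failing closed is the safer default: `if (audNode == null) throw new IllegalStateException("jwt audience invalid");`. The removed code behaved the same way, so this may be deliberate for compatibility; if so, a comment such as `// aud is optional: tokens without it are accepted even when an audience is configured` would make that explicit. As a style point, the new single-statement `if`s are unbraced, and braces would make the several early-return paths easier to audit.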
