DCIT / perl-Crypt-JWT


require claims to exist when asked to verify them #16

Closed dakkar closed 5 years ago

dakkar commented 5 years ago

I would expect that calling decode_jwt with verify_iss would die if there is no iss claim to verify (same for sub, aud, jti)

This commit makes that happen.

Possible incompatible change:

decode_jwt(token=>encode_jwt(payload=>{},@etc),verify_iss=>sub{1},@etc);

used to work, now it fails. Maybe if the verify_* is a CODE, we should call it with whatever value we have (undef if missing) and trust it?

karel-m commented 5 years ago

I agree with the idea you are proposing.

Please change the code in this way (please use 2-spaces indent):

  if (defined $args{verify_iss}) {
    if (exists $payload->{iss}) {
      if (ref $args{verify_iss} eq 'Regexp') {
        croak "JWT: iss claim re check failed" unless $payload->{iss} =~ $args{verify_iss};
      }
      elsif (ref $args{verify_iss} eq 'CODE') {
        croak "JWT: iss claim check failed" unless $args{verify_iss}->($payload->{iss});
      }
      else {
        croak "JWT: verify_iss must be Regexp or CODE";
      }
    }
    else {
      croak "JWT: iss claim required but missing";
    }
  }

Also please update doc like this:

=item verify_iss

B<INCOMPATIBLE CHANGE in v0.24> - if C<verify_iss> is specified and claim C<iss> is completely missing, it is a failure since v0.24

C<CODE ref> - subroutine (with 'iss' claim value passed as argument) has to return C<true> otherwise verification fails

C<Regexp ref> - 'iss' claim value has to match given regexp otherwise verification fails

C<undef> (default) - do not verify 'iss' claim
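The fail-closed rule discussed above (a requested check on a missing claim is a failure; a Regexp or CODE verifier is applied only when the claim is present; undef means no check) is shown below as an added example. It is not Crypt::JWT's code and is written in Python rather than the module's Perl so it can be run stand-alone; the function names `verify_claim`/`verify_claims`/`claims_ok`, the `JWTClaimError` exception and the constructed `ISSUER_RE` pattern are assumptions for illustration. The sample payloads are constructed and include the `payload => {}` plus `verify_iss => sub { 1 }` case from the issue, which now fails rather than passing.

```python
import re
from typing import Any, Callable, Mapping, Optional, Pattern, Union

# A verifier is a compiled regex, a callable returning truthiness, or None
# (None mirrors Crypt::JWT's undef default: do not verify the claim).
Verifier = Union[Pattern[str], Callable[[Any], bool], None]

# Claims this checker knows about, mirroring verify_iss/sub/aud/jti.
CHECKED_CLAIMS = ("iss", "sub", "aud", "jti")


class JWTClaimError(ValueError):
    """Raised when a requested claim check fails or the claim is missing."""


def verify_claim(payload: Mapping[str, Any], name: str, verifier: Verifier) -> None:
    """Check one claim the way the proposed Crypt::JWT code does.

    Raises JWTClaimError on a failed or missing claim, TypeError on a
    verifier of an unsupported type.  Returns None when the claim passes
    or when no verifier was requested.
    """
    if verifier is None:
        return  # default: do not verify this claim

    if name not in payload:
        # Fail closed: the caller asked for a check, so an absent claim is a
        # failure.  Before the fix this branch silently passed.
        raise JWTClaimError(f"JWT: {name} claim required but missing")

    value = payload[name]
    if isinstance(verifier, re.Pattern):
        # Perl's =~ is a search, not an anchored match, so use search() here;
        # a non-string value cannot satisfy a regex check.
        if not isinstance(value, str) or verifier.search(value) is None:
            raise JWTClaimError(f"JWT: {name} claim re check failed")
    elif callable(verifier):
        # CODE ref: called with the claim value, must return true.
        if not verifier(value):
            raise JWTClaimError(f"JWT: {name} claim check failed")
    else:
        raise TypeError(f"JWT: verify_{name} must be Regexp or CODE")


def verify_claims(payload: Mapping[str, Any], **verifiers: Verifier) -> bool:
    """Apply verify_<claim>=... options to a decoded payload.

    Returns True when every requested check passes; raises otherwise.
    """
    prefix = "verify_"
    for option, verifier in verifiers.items():
        if not option.startswith(prefix) or option[len(prefix):] not in CHECKED_CLAIMS:
            raise TypeError(f"unknown option {option}")
        verify_claim(payload, option[len(prefix):], verifier)
    return True


def claims_ok(payload: Mapping[str, Any], **verifiers: Verifier) -> bool:
    """Convenience wrapper: False instead of an exception on claim failure."""
    try:
        return verify_claims(payload, **verifiers)
    except JWTClaimError:
        return False


# Constructed issuer pattern for the demo (not a value from the project).
ISSUER_RE = re.compile(r"^https://auth\.example\.com$")


if __name__ == "__main__":
    good = {"iss": "https://auth.example.com", "sub": "user-42", "jti": "tok-1"}
    print(claims_ok(good, verify_iss=ISSUER_RE, verify_sub=lambda s: s.startswith("user-")))
    # The incompatible-change case from the issue: empty payload, CODE verifier.
    print(claims_ok({}, verify_iss=lambda v: True))
    # Same payload with no verifier requested still passes.
    print(claims_ok({}, verify_iss=None))
```

The wrapper exists only to make the pass/fail outcome easy to inspect; in a real decoder the exception is what you want, so that a missing claim cannot be confused with a claim that was never checked.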