Closed VGLoic closed 6 months ago
You need to also set validate_aut to True https://docs.rs/jsonwebtoken/latest/jsonwebtoken/struct.Validation.html
Thanks for the answer!
I updated the PR with the addition of the validation.validate_aud = true;
but the tests are still passing
PS: I disabled the pinned
version of the tests as it was failing because of setup issues
I had a look.
In practice you should set validation.set_required_spec_claims(&["exp", "aud"]);
to validate the presence of each field because the validation only happens for fields present.
See https://github.com/Keats/jsonwebtoken/issues/190 for the original issue.
I do find it confusing though and i indeed forgot about that
Ah nice! Thanks a lot for having a look! I missed it when reading the code, my bad!
Would it be worth to complete the examples/validation
or the README
?
If you consider it's not worth it, please do not hesitate to close the issue :)
Yes definitely, and also explain it in the Validation struct doc
I will take one week of holiday but happy to prepare a PR for it at my return :)
Obviously, feel free to take it fast if you want it out of your system ahah
Hello!
First thanks a lot for this crate, it helps me greatly!
I have a question, I have created a
Validation
where I set my expectedaudience
. I then encode a JWT without giving any audience parameter. When I verify its validity using thedecode
method, I don't have any issue. Is it an expected behaviour? Thanks in advance!I forked the repo and created a dummy PR with a test change (that pass in CI) to illustrate the thing :)
Also here the code below