Closed shnmorimoto closed 1 year ago
Ran into the same issue, seems like this is coming from the jwt library that does the claim validation. They already have an issue open for this, but not a lot of response there from the maintainers: https://github.com/square/go-jose/issues/286
Unfortunately they also don't use go modules, so it's difficult to replace it with a fork.
There is a fix here: https://github.com/go-jose/go-jose/pull/10 it will just need to be updated in this repo
Hey folks šš» this is now fixed within the v2.1.0 (release). Thanks for your patience!
Describe the problem
When we set multiple audience and jwt only have one audience. then we got authentication error.
jwt payload is like below
error is like below.
if we set only 1 audience. then we get success authentication
What was the expected behavior?
In my understanding, if one of the audiences we set matches one of the client-side audiences, the authentication should succeed.
My understanding is correct?
Reproduction
please see
Describe the problem
Environment
Version of
go-jwt-middleware
used: v2.0.1