auth0 / idtoken-verifier

Lightweight RSA JWT verification
MIT License

Accept string[] as audience in IdTokenVerifier constructor #162

Closed ea244wmi closed 1 year ago

ea244wmi commented 1 year ago

Hi! 👋

Firstly, thanks for your work on this project! 🙂

Today I used patch-package to patch idtoken-verifier@2.2.2 for the project I'm working on.

I've noticed the IdTokenVerifier constructor accepts a string for audience, while it probably should accept a string or an array of strings.

https://github.com/auth0/idtoken-verifier/blob/master/src/index.js#L184-L191

Here is the diff that solved my problem:

diff --git a/node_modules/idtoken-verifier/types/index.d.ts b/node_modules/idtoken-verifier/types/index.d.ts
index 71c1d5e..627cae8 100644
--- a/node_modules/idtoken-verifier/types/index.d.ts
+++ b/node_modules/idtoken-verifier/types/index.d.ts
@@ -33,7 +33,7 @@ export type validateAccessTokenCallback = (err?: Error) => any;
  */
 declare function IdTokenVerifier(parameters: {
   issuer: string;
-  audience: string;
+  audience: string | string[];
   jwksCache?: any;
   jwksURI?: string;
   expectedAlg?: string;
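Review bot: widening `audience` to `string | string[]` in this declaration changes only the TypeScript surface; the patch touches types/index.d.ts alone, while the runtime check in src/index.js that the issue links to (L184-L191) is not part of the diff, so a caller passing an array would type-check yet hand an array to a verifier that, per the maintainer's reply below, compares against a single client_id. Pair the type change with the matching runtime change (or drop it), and add a test that constructs `new IdTokenVerifier({ issuer, audience: ['a', 'b'] })` and asserts the behaviour you expect from `verify`.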
@@ -59,7 +59,7 @@ declare class IdTokenVerifier {
    */
   constructor(parameters: {
     issuer: string;
-    audience: string;
+    audience: string | string[];
     jwksCache?: any;
     jwksURI?: string;
     expectedAlg?: string;
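Review bot: the class-form constructor gets the same widening as the function-form declaration, which keeps the two typings consistent, but the doc comment closing with `*/` immediately above `constructor(` is left untouched, so nothing states what an array means: is the token accepted when `aud` contains any one of the listed values, or must it contain all of them? Spell that out in the comment next to `audience: string | string[];`, since the two readings have different security consequences for a relying party.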

This issue body was partially generated by patch-package.

stevehobbsdev commented 1 year ago

👋🏻 Could you describe the specific use case where you are validating an ID token using multiple audiences?

For context, the way it's designed at the minute is to specifically validate that the aud claim contains the specific client_id registered at the issuer.

https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation
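The audience rule the maintainer points at, written out as an added example (this is not idtoken-verifier's code and does not use its API): the relying party has exactly one expected audience, its own client_id, while the token's `aud` claim may be a single string or an array; when it lists several audiences, OpenID Connect Core 1.0 section 3.1.3.7 additionally requires an `azp` claim equal to the client_id. The function name, the client_id value and the sample payloads below are constructed for illustration, and signature, issuer and expiry checks are assumed to have run already.

```javascript
// Added example, not code from the idtoken-verifier project.
// validateAudience implements the aud/azp rules of OIDC Core 1.0 §3.1.3.7
// for a relying party whose single expected audience is its own client_id.
// Returns { ok, reason } so callers can log why a token was rejected.
function validateAudience(payload, clientId) {
  if (typeof clientId !== 'string' || clientId.length === 0) {
    throw new TypeError('clientId must be a non-empty string');
  }

  // `aud` is either a string or a non-empty array of strings.
  const aud = payload.aud;
  const audiences = Array.isArray(aud) ? aud : [aud];
  if (audiences.length === 0 || audiences.some((a) => typeof a !== 'string')) {
    return { ok: false, reason: 'aud claim missing or malformed' };
  }

  // The token must be addressed to this client; extra audiences are allowed.
  if (!audiences.includes(clientId)) {
    return { ok: false, reason: `aud does not contain client_id ${clientId}` };
  }

  // With several audiences the issuer must say which party it was issued to.
  if (audiences.length > 1 && payload.azp === undefined) {
    return { ok: false, reason: 'multiple audiences but no azp claim' };
  }

  // If azp is present it must name this client, regardless of aud shape.
  if (payload.azp !== undefined && payload.azp !== clientId) {
    return { ok: false, reason: `azp ${payload.azp} does not match client_id` };
  }

  return { ok: true };
}

// Constructed sample payloads (the client_id and issuer are made up).
const CLIENT_ID = 'abc123';
const ISSUER = 'https://issuer.example.com/';
const SAMPLES = {
  singleAud: { iss: ISSUER, sub: 'user1', aud: 'abc123' },
  arrayWithAzp: { iss: ISSUER, sub: 'user1', aud: ['abc123', 'https://api.example.com'], azp: 'abc123' },
  arrayWithoutAzp: { iss: ISSUER, sub: 'user1', aud: ['abc123', 'https://api.example.com'] },
  wrongAud: { iss: ISSUER, sub: 'user1', aud: 'someone-else' },
  azpMismatch: { iss: ISSUER, sub: 'user1', aud: ['abc123', 'https://api.example.com'], azp: 'other-client' },
  audMissing: { iss: ISSUER, sub: 'user1' },
};

// Runs every sample through the check and reports pass/fail per name.
function runSamples(clientId = CLIENT_ID) {
  const results = {};
  for (const [name, payload] of Object.entries(SAMPLES)) {
    results[name] = validateAudience(payload, clientId).ok;
  }
  return results;
}

console.log(JSON.stringify(runSamples(), null, 2));
```

The point for the issue: the multi-valued case lives on the token side (`aud` may be an array), not on the verifier's expectation, which stays a single client_id. Accepting an array of expected audiences would let a token minted for a different client pass if any of several values matched, which is exactly what the spec's single-client_id check is meant to prevent.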