Closed viapivov closed 9 months ago
Thanks @viapivov for raising and providing a reproducible test; we'll look into this and get a fix out if there is an update needed for the SDK.
In this case, the validation should fail when expecting a zero-length string array audience claim value; but not with a NullPointerException
as it is currently. We'll get a fix in to throw an IncorrectClaimException
instead.
Checklist
Description
We've encountered a bug in 4.4.0 when checking if the token is issued for audience that in some cases may be empty. It used to work with 3.19.4.
Here's a snippet to reproduce it.
The workaround we've found is to exclude
withAudience
check in case if audience is empty.Reproduction
Additional context
No response
java-jwt version
4.4.0
Java version
11