Closed srjakes closed 1 year ago
In my configuration I have two audiences.
At this point in the validation code I have an access_token with a single value in the `aud` claim that matches one of the configured audiences.
https://github.com/eclipse-vertx/vertx-auth/blob/67b237b1cdca069c1a8b2d2b1f4f2f15c8e4b113/vertx-auth-oauth2/src/main/java/io/vertx/ext/auth/oauth2/impl/OAuth2AuthProviderImpl.java#L618
The access_token fails validation because the other audience from the configuration is not in the `aud` claim.
The similar check in vertx-auth-jwt does a `Collections.disjoint` on the configured audiences and the `aud` claim.
I think that my access_token should pass this audience validation check.
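
The two audience semantics contrasted in this issue, side by side, as an added example that is not vertx-auth code. The class name, method names and audience values are constructed for illustration, and the example also normalizes the string-or-array forms of `aud` that RFC 7519 allows.

```java
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

public class AudienceCheckDemo {

  // RFC 7519: "aud" is either a single string or an array of strings.
  static List<String> normalizeAud(Object aud) {
    if (aud == null) return List.of();
    if (aud instanceof String) return List.of((String) aud);
    if (aud instanceof List<?>) {
      List<String> out = new ArrayList<>();
      for (Object o : (List<?>) aud) {
        // Reject malformed entries instead of silently skipping them.
        if (!(o instanceof String)) throw new IllegalArgumentException("non-string aud entry");
        out.add((String) o);
      }
      return out;
    }
    throw new IllegalArgumentException("aud must be a string or an array of strings");
  }

  // Behaviour reported in the issue: every configured audience must be in the token.
  // Note: an empty configured list accepts any token, including one without aud.
  static boolean allConfiguredPresent(List<String> configured, Object aud) {
    return normalizeAud(aud).containsAll(configured);
  }

  // Overlap semantics (Collections.disjoint): one shared audience is enough.
  // Empty collections are disjoint, so a token without aud is rejected.
  static boolean anyConfiguredPresent(List<String> configured, Object aud) {
    return !Collections.disjoint(configured, normalizeAud(aud));
  }

  public static void main(String[] args) {
    List<String> configured = List.of("api-a", "api-b"); // constructed sample values
    Object[] tokens = { "api-a", List.of("api-b", "other"), "other", null };
    for (Object aud : tokens) {
      System.out.printf("aud=%s all=%b any=%b%n", aud,
          allConfiguredPresent(configured, aud), anyConfiguredPresent(configured, aud));
    }
    // Only a token carrying both "api-a" and "api-b" passes the all-present check.
    Object both = List.of("api-a", "api-b");
    System.out.printf("aud=%s all=%b any=%b%n", both,
        allConfiguredPresent(configured, both), anyConfiguredPresent(configured, both));
  }
}
```

With overlap semantics a token issued for any one configured audience is accepted, so the configured list should contain only identifiers that name this service.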