facile-it / php-openid-client

PHP OpenID Client

Change client assertion JWT aud claim to match token endpoint #25

Closed ejunker closed 1 year ago

ejunker commented 1 year ago

I am using this library to integrate with Okta using the client_secret_jwt auth method and I got this error from Okta:

The audience claim for client_assertion must be the endpoint invoked for the request.

The code was using the issuer URL (example: https://foo.okta.com) but Okta is expecting it to be the same as the token endpoint URL, such as https://foo.okta.com/oauth2/v1/token.

https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication

The aud (audience) Claim. Value that identifies the Authorization Server as an intended audience. The Authorization Server MUST verify that it is an intended audience for the token. The Audience SHOULD be the URL of the Authorization Server's Token Endpoint.
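To make the failure concrete, here is an added example (Python, standard library only; it is not the library's PHP code) of both sides of a client_secret_jwt exchange: the client builds the assertion with `aud` set to the token endpoint, and the authorization server verifies the HS256 signature, the lifetime, and that `aud` names the endpoint actually invoked. The issuer and token endpoint URLs are the ones from the issue; the client id, shared secret and timestamps are constructed, and the function names are this example's own, not the library's API.

```python
"""client_secret_jwt assertion builder and verifier (added example).

Not code from facile-it/php-openid-client. Implements the OIDC Core 9 /
RFC 7523 claim set with an HS256 signature. Client id, secret and
timestamps are constructed sample values.
"""
import base64
import hashlib
import hmac
import json
import secrets
import time

# Constructed sample values mirroring the issue: the issuer URL versus the
# token endpoint that the assertion is actually presented to.
ISSUER = "https://foo.okta.com"
TOKEN_ENDPOINT = "https://foo.okta.com/oauth2/v1/token"
CLIENT_ID = "0oa-constructed-client-id"
CLIENT_SECRET = "constructed-shared-secret-not-for-reuse"


class ClientAssertionRejected(Exception):
    """Raised by the verifier with an Okta-style reason."""


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def build_client_assertion(client_id, client_secret, audience, now=None, lifetime=60, jti=None):
    """Client side: return a client_secret_jwt whose aud is `audience`.

    Pass the token endpoint URL as `audience`; passing the issuer URL
    instead reproduces the assertion Okta rejected in the issue.
    """
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {
        "iss": client_id,  # the client authenticates as itself
        "sub": client_id,
        "aud": audience,   # SHOULD be the Token Endpoint URL (OIDC Core 9)
        "jti": jti or secrets.token_urlsafe(16),  # replay protection
        "iat": now,
        "exp": now + lifetime,
    }
    compact = lambda obj: _b64url(json.dumps(obj, separators=(",", ":")).encode())
    signing_input = compact(header) + "." + compact(claims)
    sig = hmac.new(client_secret.encode(), signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def verify_client_assertion(assertion, client_secret, invoked_endpoint, now=None):
    """Server side: check alg, signature, lifetime and audience.

    Returns the claims on success; raises ClientAssertionRejected otherwise.
    `invoked_endpoint` is the URL the request was actually received on.
    """
    now = int(time.time()) if now is None else now
    parts = assertion.split(".")
    if len(parts) != 3:
        raise ClientAssertionRejected("malformed client_assertion")
    header_b64, claims_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    # Pin the algorithm: the token must not choose how it is verified.
    if header.get("alg") != "HS256":
        raise ClientAssertionRejected("unexpected alg")
    expected = hmac.new(client_secret.encode(), f"{header_b64}.{claims_b64}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ClientAssertionRejected("invalid signature")
    claims = json.loads(_b64url_decode(claims_b64))
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        raise ClientAssertionRejected("client_assertion expired")
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]  # aud may be a string or an array
    if invoked_endpoint not in audiences:
        raise ClientAssertionRejected(
            "The audience claim for client_assertion must be the endpoint invoked for the request.")
    return claims


def demo(now=1_700_000_000):
    """Show the issuer-as-aud assertion being rejected and the fixed one accepted."""
    results = {}
    for label, aud in (("issuer_aud", ISSUER), ("token_endpoint_aud", TOKEN_ENDPOINT)):
        jwt = build_client_assertion(CLIENT_ID, CLIENT_SECRET, aud, now=now)
        try:
            verify_client_assertion(jwt, CLIENT_SECRET, TOKEN_ENDPOINT, now=now + 5)
            results[label] = "accepted"
        except ClientAssertionRejected as exc:
            results[label] = f"rejected: {exc}"
    return results


if __name__ == "__main__":
    for label, outcome in demo().items():
        print(f"{label}: {outcome}")
```

Running `demo()` shows the assertion carrying the issuer URL rejected with the same message Okta returned, and the one carrying the token endpoint accepted. The verifier compares `aud` against the endpoint the request arrived on rather than against the issuer, which is exactly the distinction the PR corrects on the client side.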

ejunker commented 1 year ago

I see that some of the tests are failing. I tried to install the dev-dependencies but I am on PHP 8.2 and I couldn't get them to install and so I can't get the tests to run locally.

thomasvargiu commented 1 year ago

Hi! Thank you @ejunker! Changes seem correct. If you rebase from upstream/master you should be able to execute and fix tests. Static analysis with psalm will fail, but don't worry, I'm working on it to fix types.

thomasvargiu commented 1 year ago

I've merged it. Thanks @ejunker

thomasvargiu commented 1 year ago

Released in v0.3.2

ejunker commented 1 year ago

Thanks @thomasvargiu! I looked at several PHP OpenID libraries and this is the best one.