Force audience to incoming host when `checkAudience` is false

jaredhanson / passport-persona

Mozilla Persona authentication strategy for Passport and Node.js.

MIT License

19 stars 8 forks source link

Force audience to incoming host when `checkAudience` is false #2

Closed Morgul closed 8 years ago

Morgul commented 11 years ago

When the checkAudience option is false, we need to force our audience to the incoming host, otherwise persona will fail all requests with a miss-matched audience.

Alternatively, this could be the default if checkAudience was false, and audience was undefined, but it made sense to me to depend on checkAudience alone.

This allows, for example, development on localhost, while testing with another computer browsing to the site via ip address. (I frequently test with my iPad this way).

Morgul commented 11 years ago

Also, apologies for the whitespace removal adding noise to the diff; didn't notice that till submitting the pull request; my editor does that automatically, and I didn't think about it.

Morgul commented 8 years ago

Closing in favor of #6.