seonixx
commented
7 years ago @jmreyes keen to get this merged. Thoughts?
Closed toddmedema closed 7 years ago
seonixx
commented
7 years ago @jmreyes keen to get this merged. Thoughts?
jmreyes
commented
7 years ago Hi, this feature should be already supported in the current version, could you please check it out? I've written some tests for this (branch clientid-array) and it seems to be the case.
Basically the jsonwebtoken library used to verify the token already accepts an array of clientIDs as audience, and is able to check whether one of those supplied matches the one in the token.
Can pass in an array (or single ID as string) of IDs, it'll check against all of them before declaring invalid.
Useful for cases where many types of apps / clients are auth'ing against the same server