jpadilla / pyjwt

JSON Web Token implementation in Python
https://pyjwt.readthedocs.io
MIT License

Differentiate between two errors #809

Closed irdkwmnsb closed 1 year ago

irdkwmnsb commented 1 year ago

It's impossible to distinguish the two errors when 'audience' doesn't match. The first error is programmer's fault – supplying an incorrect audience value. The second is an expected error – when the audience doesn't match the required value. The error messages shouldn't be the same.

irdkwmnsb commented 1 year ago

Or should the absence of an audience in the JWT token match the absence of an audience in the validate call? Should the error message then still be the same?

irdkwmnsb commented 1 year ago
  • Needs updating changelog

Done.

  • Would changing this be considered a breaking change?

No, since 1) the error message should not be relied upon for error handling, and 2) if it is, this error message might already occur in two different cases which are indistinguishable, so no logic really applies there.
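The two cases from the first comment (a token carrying `aud` while the verifier passed no audience, versus an audience that simply does not match) and the point above that callers should not branch on message text, as an added example that is not pyjwt's own code: a minimal reimplementation of the `aud` check in which each case raises its own exception class, so callers dispatch on type. The function names, exception classes and messages are this example's own, not pyjwt's.

```python
from typing import Optional


class InvalidAudienceError(Exception):
    """Base class: the token cannot be accepted for the requested audience."""


class UnexpectedAudienceError(InvalidAudienceError):
    """Token carries an aud claim but the caller passed no audience to verify.
    This is the verifying code's mistake, not a property of the token."""


class MissingAudienceError(InvalidAudienceError):
    """Caller required an audience but the token has no aud claim."""


class MalformedAudienceError(InvalidAudienceError):
    """The aud claim is neither a string nor a list of strings."""


def validate_aud(payload: dict, audience=None) -> Optional[str]:
    """Return the matched audience, None if neither side uses aud, or raise.
    Hypothetical helper modelled on the check discussed in this issue."""
    claim = payload.get("aud")
    if audience is None:
        if not claim:
            return None  # neither token nor verifier uses aud: nothing to check
        raise UnexpectedAudienceError("token has aud but no audience was requested")
    if not claim:
        raise MissingAudienceError("token has no aud claim")
    claims = [claim] if isinstance(claim, str) else claim
    if not isinstance(claims, list) or any(not isinstance(c, str) for c in claims):
        raise MalformedAudienceError("aud claim must be a string or a list of strings")
    accepted = [audience] if isinstance(audience, str) else list(audience)
    for c in claims:
        if c in accepted:
            return c
    raise InvalidAudienceError("audience doesn't match")


def classify(payload: dict, audience=None) -> str:
    """Handle the outcome by exception type, never by message text."""
    try:
        validate_aud(payload, audience)
    except UnexpectedAudienceError:
        return "caller_bug"      # fix the verifying code; do not retry
    except MissingAudienceError:
        return "missing_claim"
    except MalformedAudienceError:
        return "bad_format"
    except InvalidAudienceError:
        return "mismatch"        # the expected rejection of a token for another audience
    return "ok"
```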

auvipy commented 1 year ago

yeah agree