The JWT generator should accept arrays for the audience claim

jsonwebtoken / jsonwebtoken.github.io

Developer-centric site to create awareness of JWTs and troubleshoot them.

jwt.io

Other

496 stars 324 forks source link

The JWT generator should accept arrays for the audience claim #249

Closed ghost closed 6 years ago

ghost commented 7 years ago

According to RFC 7519:

In the general case, the "aud" value is an array of case-sensitive strings, each containing a StringOrURI value. In the special case when the JWT has one audience, the "aud" value MAY be a single case-sensitive String containing a StringOrURI value.

The setAudience()-method of the JwtBuilder only accepts a single String. Additionally, passing a collection of Strings should be supported, which are then formatted as a JSON array for the aud value.

sebadoom commented 6 years ago

Thank you for your report. We need to investigate, but this may be an issue with the library we are using for validation. We will eventually correct this. Thanks again.

sebadoom commented 6 years ago

Sorry, I misinterpreted what the bug report said. We do not provide any setAudience method for a JwtBuilder class at this site. If you are referring to some of the libraries developed by Auth0, please report this bug at the appropriate issue tracker for that library. Thanks.

ghost commented 6 years ago

I apologize for the confusion - this ticket was of course aimed at another project. I must have followed a wrong link somewhere..