If we set multiple audience, we get the authentication error. #148

Closed
shnmorimoto opened this issue Mar 23, 2022 · 3 comments
Labels
bug This issue reports a suspect bug or issue with the SDK itself

Comments

@shnmorimoto

Describe the problem

When we set multiple audiences and the JWT only has one audience, we get an authentication error.

jwtValidator, err := validator.New(
	provider.KeyFunc,
	validator.RS256,
	issuerURL.String(),
	[]string{"aaaaaa", "bbbbbb"},
)

The JWT payload is like below:

{
  "email": "user@example.com",
  "email_verified": true,
  "iss": "xxxxxxxxxxxxxxxx",
  "sub": "xxxxxxxxxxxxxxxx",
  "aud": "aaaaaa",
  "iat": 1648000756,
  "exp": 1648036756
}

The error is like below:

2022/03/23 08:08:42 Encountered error while validating JWT: jwt invalid: expected claims not validated: square/go-jose/jwt: validation failed, invalid audience claim (aud)

If we set only 1 audience, then authentication succeeds.

What was the expected behavior?

In my understanding,
if one of the audiences we set matches one of the client-side audiences, the authentication should succeed.

Is my understanding correct?

Reproduction

  1. Set multiple audiences in validator.New.
  2. Send a JWT with one audience.

Please see "Describe the problem".

Environment

Version of go-jwt-middleware used: v2.0.1

@shnmorimoto shnmorimoto added the bug This issue reports a suspect bug or issue with the SDK itself label Mar 23, 2022
@fschoell

Ran into the same issue, seems like this is coming from the jwt library that does the claim validation. They already have an issue open for this, but not a lot of response there from the maintainers: square/go-jose#286

Unfortunately they also don't use go modules, so it's difficult to replace it with a fork.

@truescotian

There is a fix here: go-jose/go-jose#10. It will just need to be updated in this repo.

@sergiught
Contributor

Hey folks 👋🏻 this is now fixed within the v2.1.0 (release). Thanks for your patience!
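
The two audience-matching readings discussed in this thread, as an added example that is not part of the original issue and is not code from go-jwt-middleware or go-jose. `Audience`, `audienceOK` and `parseAud` are hypothetical names, the all-of reading is an assumption consistent with the reported behaviour, the payload is constructed from the one in the report, and signature verification is out of scope:

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Audience holds "aud", which RFC 7519 allows as one string or an array.
type Audience []string

func (a *Audience) UnmarshalJSON(b []byte) error {
	var one string
	if json.Unmarshal(b, &one) == nil && string(b) != "null" {
		*a = Audience{one} // single-string form, as in the issue's payload
		return nil
	}
	return json.Unmarshal(b, (*[]string)(a)) // array form; null leaves it empty
}

// audienceOK reports whether the token's audiences satisfy the configured list.
// requireAll=true is the strict all-of reading (assumed; it rejects the issue's
// token); requireAll=false accepts any overlap. Empty input always fails closed.
func audienceOK(token Audience, expected []string, requireAll bool) bool {
	n := 0
	for _, e := range expected {
		for _, t := range token {
			if e == t {
				n++
				break
			}
		}
	}
	return n > 0 && (!requireAll || n == len(expected))
}

// parseAud pulls "aud" out of an already-decoded JWT payload.
func parseAud(payload string) (Audience, error) {
	var c struct{ Aud Audience `json:"aud"` }
	err := json.Unmarshal([]byte(payload), &c)
	return c.Aud, err
}

func main() {
	// Constructed payload mirroring the issue: one audience in the token, two configured.
	aud, _ := parseAud(`{"sub": "x", "aud": "aaaaaa"}`)
	expected := []string{"aaaaaa", "bbbbbb"}
	fmt.Println("all-of:", audienceOK(aud, expected, true), "any-of:", audienceOK(aud, expected, false))
}
```

With any-of matching, the configured list should contain only audiences this service itself answers to, since every extra entry widens the set of tokens it accepts.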
