feat(backend): Propagate audience option to verifyToken #978
Conversation
In rare circumstances, one may want to specify the `audience` to validate the token against since the `aud` claim may be specified in the session customization settings. Also, if the `audience` is not specified for verification, then the presence of the `aud` claim should not result in a failure.
|
Hi, I’m Jit, a friendly security platform designed to help developers build secure applications from day zero with an MVS (Minimal viable security) mindset. In case there are security findings, they will be communicated to you as a comment inside the PR. Hope you’ll enjoy using Jit. Questions? Comments? Want to learn more? Get in touch with us. |
![jit-ci[bot]](https://avatars.githubusercontent.com/in/142441?s=60&v=4){kind=small}
|
Thanks for the contribution @appden :) |
|
@appden Could you provide some information about your use case ? |
My primary reason at the moment is I'm integrating with MongoDB Atlas, which requires an |
|
@appden i will close this PR and open a new one that will allow the |
|
Closing this in favour of : #1004 |
Type of change
Packages affected
@clerk/clerk-js@clerk/clerk-react@clerk/nextjs@clerk/remix@clerk/types@clerk/themes@clerk/localizations@clerk/clerk-expo@clerk/backend@clerk/clerk-sdk-node@clerk/shared@clerk/fastifygatsby-plugin-clerkbuild/tooling/choreDescription
npm testruns as expected.npm run buildruns as expected.In rare circumstances, one may want to specify the
audienceto validate the token against since theaudclaim may be specified in the session customization settings. Also, if theaudienceis not specified for verification, then the presence of theaudclaim should not result in a failure.