From eedf3ebe0141aa8474ab1ce3738f15039fdd5e00 Mon Sep 17 00:00:00 2001
From: Christian Banse <oxisto@aybaze.com>
Date: Sat, 27 Aug 2022 13:42:01 +0200
Subject: [PATCH] Added option for audience check

---
 validator.go        |  9 +++++++++
 validator_option.go | 11 +++++++++--
 2 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/validator.go b/validator.go
index 0483e3a1..6acb7d24 100644
--- a/validator.go
+++ b/validator.go
@@ -21,6 +21,10 @@ type Validator struct {
 	// necessary. However, if wanted, it can be checked if the iat is
 	// unrealistic, i.e., in the future.
 	verifyIat bool
+
+	// expectedAud contains the audiences this token expects. Supplying an empty
+	// string will disable aud checking.
+	expectedAud string
 }
 
 type customValidationType interface {
@@ -67,6 +71,11 @@ func (v *Validator) Validate(claims Claims) error {
 		vErr.Errors |= ValidationErrorNotValidYet
 	}
 
+	if v.expectedAud != "" && !v.VerifyAudience(claims, v.expectedAud, false) {
+		vErr.Inner = ErrTokenNotValidYet
+		vErr.Errors |= ValidationErrorNotValidYet
+	}
+
 	// Finally, we want to give the claim itself some possibility to do some
 	// additional custom validation based on their custom claims
 	cvt, ok := claims.(customValidationType)
diff --git a/validator_option.go b/validator_option.go
index 4cc81c0e..8c7d30b6 100644
--- a/validator_option.go
+++ b/validator_option.go
@@ -25,10 +25,17 @@ func WithTimeFunc(f func() time.Time) ValidatorOption {
 	}
 }
 
-// WithIssuedAtVerification returns the ValidatorOption to enable verification
+// WithIssuedAt returns the ValidatorOption to enable verification
 // of issued-at.
-func WithIssuedAtVerification() ValidatorOption {
+func WithIssuedAt() ValidatorOption {
 	return func(v *Validator) {
 		v.verifyIat = true
 	}
 }
+
+// WithAudience returns the ValidatorOption to set the expected audience.
+func WithAudience(aud string) ValidatorOption {
+	return func(v *Validator) {
+		v.expectedAud = aud
+	}
+}