Fix allow multiple audiences #10

Merged
merged 2 commits into from May 20, 2022

shnmorimoto

Original issue is square/go-jose#286
And PR for v2 is square/go-jose#369

This PR allows multiple audiences.

Test result is below

$ go test ./jwt
ok      github.com/go-jose/go-jose/v3/jwt

@shnmorimoto
Author

@csstaub Sorry for bothering you.
Could you review this PR when you have a moment?

@csstaub csstaub left a comment

LGTM. Thank you for the pull request!

@csstaub csstaub merged commit 3258646 into go-jose:v3 May 20, 2022
@shnmorimoto
Author

@csstaub Thank you so much!

@sergiught

Hey @shnmorimoto appreciate the fix provided over here.

@csstaub I'm wondering if we could merge go-jose/go-jose@v2 branch with the latest from square/go-jose and then incorporate this fix in there as well so we could make use of it already?

Or alternatively is the v3 still under development and not stable yet? Or is the README simply outdated?:)

Appreciate your time in answering these! 🙇🏻

@jsha
Collaborator

jsha commented Jan 13, 2023

Confirming that the new behavior is correct per RFC 7519 Section 4.1.3:

4.1.3. "aud" (Audience) Claim

The "aud" (audience) claim identifies the recipients that the JWT is
intended for. Each principal intended to process the JWT MUST
identify itself with a value in the audience claim. If the principal
processing the claim does not identify itself with a value in the
"aud" claim when this claim is present, then the JWT MUST be
rejected. In the general case, the "aud" value is an array of case-
sensitive strings, each containing a StringOrURI value. In the
special case when the JWT has one audience, the "aud" value MAY be a
single case-sensitive string containing a StringOrURI value. The
interpretation of audience values is generally application specific.
Use of this claim is OPTIONAL.

(emphasis mine)

jsha added a commit that referenced this pull request Nov 9, 2023
Per #23, PR #10 (unreleased) made the authorization properties of
Claims.Validate more relaxed. Given that people may have been relying on
those authorization properties, we shouldn't make that change without a
change in API surface or a major version bump.
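
The two audience-matching policies a validator can apply when several audiences are expected, as an added stdlib-only example that is not go-jose's code. It assumes "strict" means every expected value must appear in "aud" and "relaxed" means any one is enough; `Audience`, `MatchAll`, `MatchAny` and `ParseAud` are hypothetical names.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Audience is "aud": an array of strings or, for one audience, a bare string.
type Audience []string

func (a *Audience) UnmarshalJSON(b []byte) error {
	var one string
	if len(b) > 0 && b[0] == '"' && json.Unmarshal(b, &one) == nil {
		*a = Audience{one} // single-audience form
		return nil
	}
	return json.Unmarshal(b, (*[]string)(a)) // array form; rejects numbers, objects
}

// matched counts the expected values that appear in the token (case-sensitive).
func matched(tok Audience, expected []string) (n int) {
	for _, e := range expected {
		for _, s := range tok {
			if s == e {
				n++
				break
			}
		}
	}
	return n
}

// MatchAll is the strict policy: every expected value must be in "aud".
func MatchAll(tok Audience, expected []string) bool { return matched(tok, expected) == len(expected) }

// MatchAny is the relaxed policy: one expected value in "aud" is enough.
func MatchAny(tok Audience, expected []string) bool { return matched(tok, expected) > 0 }

func ParseAud(claims string) (Audience, error) {
	var c struct{ Aud Audience } // encoding/json matches "aud" case-insensitively
	err := json.Unmarshal([]byte(claims), &c)
	return c.Aud, err
}

func main() {
	tok, _ := ParseAud(`{"aud": ["api-a", "api-b"]}`) // constructed sample claims
	want := []string{"api-a", "api-c"}                // verifier's expected list
	fmt.Println(MatchAll(tok, want), MatchAny(tok, want))
}
```

A caller that passes a multi-entry expected list gets a different authorization decision from the two policies for the same token, which is why switching between them is an API-visible change.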