I've just updated to v5 and found that the new RegisteredClaims (in registered_claims.go) struct allows for a []string type via the ClaimStrings type. This opens the way for verifying multiple audiences from the token.
I'm very happy with this, as my authentication provider does provide multiple audiences and v4 gave no option to verify these.
However, the new ParserOption named WithAudience(aud string) and accompanying validator still only allows for a single string audience to be verified.
With RFC 7519 specifically mentioning multiple audiences, it does feel like something nice to support.
"(..) In the general case, the "aud" value is an array of case-sensitive strings (..)"
My questions are as follows:
Are there specific reasons to not implement checking of multiple audiences?
Are there any plans to do so?
If not, how do you feel about having an additional ParserOption called WithAudiences(auds []string) for the specific case of multiple audiences? This would not break the existing WithAudience(..) and would add functionality.
Thanks in advance!
Just to double-check: Are you sure you want to check against multiple expected audiences?
What WithAudience does is check all supplied audiences to see whether one of them includes the expected one (or is equal to it, in the case of just one audience). Usually your application should define one expected audience (e.g., its own hostname or an application name or a similar semantic) and then check for that particular one. I am not so sure what the semantics of multiple expected audiences would entail.
If there is a valid use case for it, I suppose we (or rather you ;) as part of a PR) could add the WithAudiences parser option. Although there is probably a discussion then whether all expected audiences must match or any of them.
We tried to do the most basic functionality first in v5 and then see where we could add additional features that make sense.
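The "any versus all" question raised in the reply above, worked through as an added example that is not part of the thread and not golang-jwt code. The names `audList` and `checkAudiences` are hypothetical, the payload is constructed, and the token's signature is assumed to have been verified already.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// audList decodes "aud", which RFC 7519 allows as one string or an array of strings.
type audList []string

func (a *audList) UnmarshalJSON(b []byte) error {
	if len(b) > 0 && b[0] == '"' {
		var one string
		err := json.Unmarshal(b, &one)
		*a = audList{one}
		return err
	}
	return json.Unmarshal(b, (*[]string)(a)) // array form; other JSON types are an error
}

// checkAudiences is a hypothetical helper. With requireAll=false one expected
// value found in "aud" is enough; with requireAll=true every expected value must
// be present. Matching is exact and case-sensitive. A missing "aud" or an empty
// expected list never matches, so a misconfigured caller fails closed.
func checkAudiences(payload []byte, expected []string, requireAll bool) (bool, error) {
	var claims struct {
		Aud audList `json:"aud"`
	}
	if err := json.Unmarshal(payload, &claims); err != nil {
		return false, err
	}
	present := make(map[string]bool, len(claims.Aud))
	for _, a := range claims.Aud {
		present[a] = true
	}
	matched := 0
	for _, e := range expected {
		if present[e] {
			matched++
		}
	}
	return matched > 0 && (matched == len(expected) || !requireAll), nil
}

func main() {
	p := []byte(`{"aud":["api.example","billing.example"]}`) // constructed payload
	fmt.Println(checkAudiences(p, []string{"api.example", "admin.example"}, false))
	fmt.Println(checkAudiences(p, []string{"api.example", "admin.example"}, true))
}
```

The same token is accepted under "any" and rejected under "all", which is why the choice of semantics has to be explicit in whatever option is added.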