[v3] Tokens fail to validate with WithAudience if "aud" is a string

[ItalyPaleAle]

According to RFC 7519, the "aud" claim is normally an array, but it could be a string too if there's a single value

https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.3

In the general case, the "aud" value is an array of case-sensitive strings, each containing a StringOrURI value. In the special case when the JWT has one audience, the "aud" value MAY be a single case-sensitive string containing a StringOrURI value.

However, using WithAudience when validating a JWT using jwx v3.0.0-beta.1 fails if the "aud" claim in the token is a string.

[lestrrat]

Code please?
This works for me:

func TestSingleAudienceValidation(t *testing.T) {
	t.Parallel()
	src := []byte(`{
		"aud": "foo"
	}`)
	t1, err := jwt.ParseInsecure(src)
	require.NoError(t, err, `jwt.Parse should succeed`)


	require.NoError(t, jwt.Validate(t1), `jwt.Validate should succeed`)

	require.NoError(t, jwt.Validate(t1, jwt.WithAudience("foo")), "jwt.Validate should succeed")
	require.Error(t, jwt.Validate(t1, jwt.WithAudience("poop")), "jwt.Validate should fail")
}

result

$ go test -run=SingleAudience ./jwt
ok      github.com/lestrrat-go/jwx/v3/jwt       0.003s

[ItalyPaleAle]

My apologies, you're right. Bug was in my code somewhere else. Sorry about that!