
Commit 3502f4f

fixes problem with multiple aud
In some cases, auth0 includes a second aud for userinfo endpoint. Tokens can have multiple target audiences as long as the custom API’s signing algorithm is set to RS256. Works with auth0 if machine-to-machine api userinfo is added as a second aud. This patch prevents JWT validation from failing in that case. See https://community.auth0.com/t/my-token-has-multiple-audiences-is-that-normal/41417
1 parent 3c4b24f commit 3502f4f

1 file changed: +6 -2 lines changed


src/Tqdev/PhpCrudApi/Middleware/JwtAuthMiddleware.php

Lines changed: 6 additions & 2 deletions
@@ -69,8 +69,12 @@ private function getVerifiedClaims(string $token, int $time, int $leeway, int $t
6969
foreach ($requirements as $field => $values) {
7070
if (!empty($values)) {
7171
if ($field != 'alg') {
72-
if (!isset($claims[$field]) || !in_array($claims[$field], $values)) {
73-
return array();
72+
if (!isset($claims[$field]) ) {
73+
if ( is_string( $claims[$field] ) && !in_array($claims[$field], $values) ) {
74+
return array();
75+
} else if ( is_array( $claims[$field] ) && !in_array($claims[$field][0], $values) && !in_array($claims[$field][1], $values) ) {
76+
return array();
77+
}
7478
}
7579
}
7680
}
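Review bot: the outer condition on new line 72, `if (!isset($claims[$field]) ) {`, is inverted and makes the whole check a no-op: the block is entered only when the claim is absent, so a present `aud` or `iss` claim is never compared against `$values`, and when the claim is absent both `is_string($claims[$field])` and `is_array($claims[$field])` are false (with an undefined-index notice), so the old `return array();` for a missing claim is gone as well. Suggest keeping the missing-claim rejection first, `if (!isset($claims[$field])) { return array(); }`, then branching on the type of the present value. In the array branch on new line 75, testing only `[0]` and `[1]` ignores any third audience and triggers an undefined-offset notice on a single-element array; checking every element, e.g. `if (!array_intersect($claims[$field], $values)) { return array(); }`, handles both. A unit test with a multi-audience token plus one with no `aud` at all would have caught this.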
