Jwt audience validation #1116
Merged
Jwt audience validation #1116
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Thanks, @leemhenson! Great work! |
This was referenced May 22, 2021
Open
This was referenced Jun 23, 2021
1 task
This was referenced Jul 28, 2021
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Auth0, for example, can send aud: ["", ""] in it's token. It also looks like it's possible to configure multiple or single acceptable audiences in the serverless.yml. This PR lifts both sets of audiences into an array which are then checked for an overlap.
Motivation and Context
I originally submitted this change as #1060 which was closed in favour of the similar #1070. Now that I've had chance to use the version that includes that change, I still see the same error that motivated my original PR. I think my change is still needed.
How Has This Been Tested?
Tests now exist for string-based audiences, array-based audiences containing a single element and array-based audiences of length > 1.