Skip to content

Commit

Permalink
Update audience verification based on jwt-kit update (#118)
Browse files Browse the repository at this point in the history
  • Loading branch information
@grosch
grosch committed Mar 17, 2020
1 parent cc68651 commit a37a151
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 13 deletions.
7 changes: 1 addition & 6 deletions Sources/JWT/JWT+Apple.swift
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,12 +28,7 @@ extension Request.JWT {
).flatMapThrowing { signers in
let token = try signers.verify(message, as: AppleIdentityToken.self)
if let applicationIdentifier = applicationIdentifier ?? self.request.application.jwt.apple.applicationIdentifier {
guard token.audience.value == applicationIdentifier else {
throw JWTError.claimVerificationFailure(
name: "audience",
reason: "Audience claim does not match application identifier"
)
}
try token.audience.verifyIntendedAudience(includes: applicationIdentifier)
}
return token
}
Expand Down
9 changes: 2 additions & 7 deletions Sources/JWT/JWT+Google.swift
View file
Original file line number Diff line number Diff line change
Expand Up @@ -47,14 +47,9 @@ extension Request.JWT {
).flatMapThrowing { signers in
let token = try signers.verify(message, as: GoogleIdentityToken.self)
if let applicationIdentifier = applicationIdentifier ?? self.request.application.jwt.google.applicationIdentifier {
guard token.audience.value == applicationIdentifier else {
throw JWTError.claimVerificationFailure(
name: "audience",
reason: "Audience claim does not match application identifier"
)
}

try token.audience.verifyIntendedAudience(includes: applicationIdentifier)
}

if let gSuiteDomainName = gSuiteDomainName ?? self.request.application.jwt.google.gSuiteDomainName {
guard let hd = token.hostedDomain, hd.value == gSuiteDomainName else {
throw JWTError.claimVerificationFailure(
Expand Down

0 comments on commit a37a151

Please sign in to comment.