diff --git a/.changeset/open-moments-smoke.md b/.changeset/open-moments-smoke.md
new file mode 100644
index 000000000..99d75a75c
--- /dev/null
+++ b/.changeset/open-moments-smoke.md
@@ -0,0 +1,8 @@
+---
+'@asgardeo/javascript': patch
+'@asgardeo/browser': patch
+'@asgardeo/node': patch
+---
+
+fix multiple audiences in ID token validation.Change audience parameter from string to array to support tokens with
+multiple audiences
diff --git a/packages/browser/src/__legacy__/utils/crypto-utils.ts b/packages/browser/src/__legacy__/utils/crypto-utils.ts
index 1d3792712..503da5cfb 100644
--- a/packages/browser/src/__legacy__/utils/crypto-utils.ts
+++ b/packages/browser/src/__legacy__/utils/crypto-utils.ts
@@ -57,7 +57,7 @@ export class SPACryptoUtils implements Crypto {
 ): Promise {
 const jwtVerifyOptions = {
 algorithms: algorithms,
- audience: clientId,
+ audience: [clientId],
 clockTolerance: clockTolerance,
 subject: subject,
 };
diff --git a/packages/javascript/src/DefaultCrypto.ts b/packages/javascript/src/DefaultCrypto.ts
index f165c5f2b..0b006f003 100644
--- a/packages/javascript/src/DefaultCrypto.ts
+++ b/packages/javascript/src/DefaultCrypto.ts
@@ -64,7 +64,7 @@ export class DefaultCrypto implements Crypto {
 await jose.jwtVerify(idToken, key, {
 algorithms,
- audience: clientId,
+ audience: [clientId],
 clockTolerance,
 issuer: validateJwtIssuer ? issuer : undefined,
 subject,
diff --git a/packages/node/src/__legacy__/utils/crypto-utils.ts b/packages/node/src/__legacy__/utils/crypto-utils.ts
index 2fa5a924d..c587c7105 100644
--- a/packages/node/src/__legacy__/utils/crypto-utils.ts
+++ b/packages/node/src/__legacy__/utils/crypto-utils.ts
@@ -65,7 +65,7 @@ export class NodeCryptoUtils implements Crypto {
 return jose
 .jwtVerify(idToken, key, {
 algorithms,
- audience: clientId,
+ audience: [clientId],
 clockTolerance,
 issuer,
 subject,
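Review bot: Accepting ID tokens with several audiences at `audience: [clientId]` in the browser crypto-utils.ts hunk leaves `azp` unchecked in the visible lines. OpenID Connect Core 3.1.3.7 has the client verify `azp` when `aud` holds more than one value, for example `if (Array.isArray(payload.aud) && payload.aud.length > 1 && payload.azp !== clientId) throw new Error('ID token azp does not match client ID');` on the verified payload. As far as I know jose treats a string and a one-element array identically for this option, so a regression test with a multi-audience token would show what the change actually fixes. Both remarks also apply to the `audience: [clientId]` hunks in DefaultCrypto.ts and the node crypto-utils.ts. The browser options object also carries no `issuer`, unlike the other two call sites; the method body continues outside the hunk, so confirm the issuer is checked elsewhere.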