Compare commits
1 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| ac2edf230d |
@@ -1,6 +1,6 @@
|
|||||||
# Package
|
# Package
|
||||||
|
|
||||||
version = "0.3.0"
|
version = "0.3.1"
|
||||||
author = "Jonathan Bernard"
|
author = "Jonathan Bernard"
|
||||||
description = "Jonathan's opinionated extensions and auth layer for Jester."
|
description = "Jonathan's opinionated extensions and auth layer for Jester."
|
||||||
license = "MIT"
|
license = "MIT"
|
||||||
|
|||||||
@@ -140,11 +140,15 @@ proc validateJWT*(ctx: ApiAuthContext, jwt: JWT) =
|
|||||||
|
|
||||||
if jwt.claims.aud.isNone: failAuth "Missing 'aud' claim."
|
if jwt.claims.aud.isNone: failAuth "Missing 'aud' claim."
|
||||||
|
|
||||||
if not ctx.validAudiences.contains(jwt.claims.aud.get):
|
if jwt.claims["aud"].get.kind == JString:
|
||||||
log.debug(
|
# If the token is for a single audience, check that it is for us.
|
||||||
"Valid audiences: $#\ttoken audience: $#" %
|
if not ctx.validAudiences.contains(jwt.claims.aud.get):
|
||||||
[$ctx.validAudiences, jwt.claims.aud.get])
|
failAuth "JWT is not for us (invalid audience)."
|
||||||
failAuth "JWT is not for us (invalid audience)."
|
elif jwt.claims["aud"].get.kind == JArray:
|
||||||
|
# If the token is for multiple audiences, check that at least one is for us.
|
||||||
|
let auds = jwt.claims["aud"].get.getElems
|
||||||
|
if not auds.anyIt(ctx.validAudiences.contains(it.getStr)):
|
||||||
|
failAuth "JWT is not for us (invalid audience)."
|
||||||
|
|
||||||
let signingAlgorithm = jwt.header.alg.get
|
let signingAlgorithm = jwt.header.alg.get
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user