Tags: golang-jwt/jwt
Tags
Bump Go version to indicate correct minimum requirement (#452) * Bump Go version to indicate correct minimum requirement The minimum requirement that we have was silently bumped to 1.21 in #441 because of the `slices` package. It seems that we did not update the `go.mod` when we updated our CI range, because CI did not fail because it was not testing older versions. We probably should just update the `go.mod` when we update the CI target in the future? Although we could theoretically stay at 1.21 in terms of the code base. * Removed outdated build tags * Remove more build tags * Removed code for Go < 1.20
Fix bug in validation of multiple audiences (#441) * Fix bug in validation of multiple audiences In a situation where multiple audiences are validated by the validator, the order of evaluation of the for-range loop affects the result. If we produce matches such as: ``` { "example.org": true, "example.com": false, } ``` and we configured the validator to expect a single match on audience, the code would either: 1. produce "token has invalid audience" if "example.org" was evaluated first 2. produce a passing result if "example.com" was evaluated first This commit fixes this bug, and adds a suite of tests as well as regression tests to prevent this issue in future. * Adding three more test cases to be sure * Removing required alltogether form verifyAudience * Removing required --------- Co-authored-by: Christian Banse <oxisto@aybaze.com>
PreviousNext