Audience validation

Open alexhermida opened this issue 5 years ago • 0 comments

Hello,

I notice that the validation behaviour during the jwt.decode it's different for "issuer" and "audience" although the description it's the same. I realise about the open issue #95 regarding issuer description. I think it should be the same for the audience and if we define in the principal the audience value should be checked even if it doesn't come in the claim, or is there any reason for not do it?

I've saw this code commented but no additional info about it https://github.com/mpdavis/python-jose/blob/master/jose/jwt.py#L345

Thank you for the project!

Mar 06 '20 23:03 alexhermida