okta-auth-js icon indicating copy to clipboard operation
okta-auth-js copied to clipboard

Published 20 hours ago verified publisher icon okta

changed audience to be array

Open sidharthramesh opened this issue 2 years ago • 5 comments

sidharthramesh avatar Feb 22 '22 14:02 sidharthramesh

@sidharthramesh what situation results in the aud being an array? how does this happen?

aarongranick-okta avatar Feb 22 '22 17:02 aarongranick-okta

According to the openid spec for aud:

REQUIRED. Audience(s) that this ID Token is intended for. It MUST contain the OAuth 2.0 client_id of the Relying Party as an audience value. It MAY also contain identifiers for other audiences. In the general case, the aud value is an array of case sensitive strings. In the common special case when there is one audience, the aud value MAY be a single case sensitive string.

I’m using the client library with okta and it works since the audience is a string. However, in some deployments we are using another OIDC server. I’d like to keep using the same client side and just swap out one OIDC server (okta) with another and still have the code work.

It doesn’t break the current functionality, and will be future proof since you might want to support multiple audiences in the future.

sidharthramesh avatar Feb 22 '22 18:02 sidharthramesh

@sidharthramesh Thanks for raising this issue. We will work on getting this corrected. internal ref: OKTA-476220

aarongranick-okta avatar Mar 04 '22 04:03 aarongranick-okta

Codecov Report

Merging #1121 (83394e2) into master (afe7e17) will decrease coverage by 0.02%. The diff coverage is 50.00%.

@@            Coverage Diff             @@
##           master    #1121      +/-   ##
==========================================
- Coverage   93.51%   93.48%   -0.03%     
==========================================
  Files         154      157       +3     
  Lines        4147     4283     +136     
  Branches      906      940      +34     
==========================================
+ Hits         3878     4004     +126     
- Misses        253      262       +9     
- Partials       16       17       +1
Impacted Files Coverage Δ
lib/oidc/util/validateClaims.ts 91.66% <50.00%> (-8.34%) :arrow_down:
lib/TokenManager.ts 94.80% <0.00%> (-0.15%) :arrow_down:
lib/types/index.ts 100.00% <0.00%> (ø)
lib/AuthStateManager.ts 93.87% <0.00%> (ø)
lib/idx/remediators/Base/AuthenticatorData.ts 97.87% <0.00%> (ø)
lib/services/TokenService.ts
lib/services/index.ts 100.00% <0.00%> (ø)
lib/services/AutoRenewService.ts 100.00% <0.00%> (ø)
lib/ServiceManager.ts 92.30% <0.00%> (ø)
lib/services/SyncStorageService.ts 96.77% <0.00%> (ø)
... and 4 more

Continue to review full report at Codecov.

Legend - Click here to learn more Δ = absolute <relative> (impact), ø = not affected, ? = missing data Powered by Codecov. Last update afe7e17...83394e2. Read the comment docs.

codecov-commenter avatar Mar 16 '22 01:03 codecov-commenter

Hi team. Any update on this?

soumyart avatar Oct 27 '23 14:10 soumyart