MCPcopy
hub / github.com/golang-jwt/jwt / verifyAudience

Method verifyAudience

validator.go:237–270  ·  validator.go::Validator.verifyAudience

verifyAudience compares the aud claim against cmp. If aud is not set or an empty list, it will succeed if the claim is not required, otherwise ErrTokenRequiredClaimMissing will be returned. Additionally, if any error occurs while retrieving the claim, e.g., when its the wrong type, an ErrTokenUnve

(claims Claims, cmp []string, expectAllAud bool)

Source from the content-addressed store, hash-verified

235// Additionally, if any error occurs while retrieving the claim, e.g., when its
236// the wrong type, an ErrTokenUnverifiable error will be returned.
237func (v *Validator) verifyAudience(claims Claims, cmp []string, expectAllAud bool) error {
238 aud, err := claims.GetAudience()
239 if err != nil {
240 return err
241 }
242
243 // Check that aud exists and is not empty. We only require the aud claim
244 // if we expect at least one audience to be present.
245 if len(aud) == 0 || len(aud) == 1 && aud[0] == "" {
246 required := len(v.expectedAud) > 0
247 return errorIfRequired(required, "aud")
248 }
249
250 if !expectAllAud {
251 for _, a := range aud {
252 // If we only expect one match, we can stop early if we find a match
253 if slices.Contains(cmp, a) {
254 return nil
255 }
256 }
257
258 return ErrTokenInvalidAudience
259 }
260
261 // Note that we are looping cmp here to ensure that all expected audiences
262 // are present in the aud claim.
263 for _, a := range cmp {
264 if !slices.Contains(aud, a) {
265 return ErrTokenInvalidAudience
266 }
267 }
268
269 return nil
270}
271
272// verifyIssuer compares the iss claim in claims against cmp.
273//

Callers 2

ValidateMethod · 0.95

Calls 2

errorIfRequiredFunction · 0.85
GetAudienceMethod · 0.65

Tested by 1