From 1333873495391c9af42de5e521e10f6bb039e01c Mon Sep 17 00:00:00 2001
From: Bromles
Date: Mon, 15 Apr 2024 15:35:51 +0300
Subject: [PATCH 1/2] add an option to disable aud validation
---
 jwt-authorizer/src/validation.rs | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff --git a/jwt-authorizer/src/validation.rs b/jwt-authorizer/src/validation.rs
index 1405b3e..758bd71 100644
--- a/jwt-authorizer/src/validation.rs
+++ b/jwt-authorizer/src/validation.rs
@@ -17,6 +17,10 @@ pub struct Validation {
 ///
 /// Defaults to `false`.
 pub validate_nbf: bool,
+ /// Whether to validate the `aud` field.
+ ///
+ /// Defaults to `true`.
+ pub validate_aud: bool,
 /// If it contains a value, the validation will check that the `aud` claim value is in the values provided.
 ///
 /// Defaults to `None`.
@@ -50,6 +54,14 @@ impl Validation {
 self
 }
+ /// enables or disables aud validation
+ /// Very insecure to turn that off, only do it if you know what you're doing.
+ pub fn validate_aud(mut self, val: bool) -> Self {
+ self.validate_aud = val;
+
+ self
+ }
+
 /// check that the `aud` claim is a member of the items provided
 pub fn aud(mut self, items: &[T]) -> Self {
 self.aud = Some(items.iter().map(|x| x.to_string()).collect());
@@ -115,6 +127,7 @@ impl Validation {
 jwt_validation.leeway = self.leeway;
 jwt_validation.validate_exp = self.validate_exp;
 jwt_validation.validate_nbf = self.validate_nbf;
+ jwt_validation.validate_aud = self.validate_aud;
 jwt_validation.iss = iss;
 jwt_validation.aud = aud;
 jwt_validation.sub = None;
@@ -138,6 +151,7 @@ impl Default for Validation {
 validate_exp: true,
 validate_nbf: false,
+ validate_aud: true,
 iss: None,
 aud: None,
From 214e34dad8fa787655c1df3cc5c2c68cb8324375 Mon Sep 17 00:00:00 2001
From: Bromles
Date: Mon, 15 Apr 2024 15:40:53 +0300
Subject: [PATCH 2/2] simplify changes
---
 jwt-authorizer/src/validation.rs | 15 +--------------
 1 file changed, 1 insertion(+), 14 deletions(-)
diff --git a/jwt-authorizer/src/validation.rs b/jwt-authorizer/src/validation.rs
index 758bd71..0f4c094 100644
--- a/jwt-authorizer/src/validation.rs
+++ b/jwt-authorizer/src/validation.rs
@@ -17,10 +17,6 @@ pub struct Validation {
 ///
 /// Defaults to `false`.
 pub validate_nbf: bool,
- /// Whether to validate the `aud` field.
- ///
- /// Defaults to `true`.
- pub validate_aud: bool,
 /// If it contains a value, the validation will check that the `aud` claim value is in the values provided.
 ///
 /// Defaults to `None`.
@@ -50,14 +50,6 @@ impl Validation {
 self
 }
- /// enables or disables aud validation
- /// Very insecure to turn that off, only do it if you know what you're doing.
- pub fn validate_aud(mut self, val: bool) -> Self {
- self.validate_aud = val;
-
- self
- }
-
 /// check that the `aud` claim is a member of the items provided
 pub fn aud(mut self, items: &[T]) -> Self {
 self.aud = Some(items.iter().map(|x| x.to_string()).collect());
@@ -127,7 +115,7 @@ impl Validation {
 jwt_validation.leeway = self.leeway;
 jwt_validation.validate_exp = self.validate_exp;
 jwt_validation.validate_nbf = self.validate_nbf;
- jwt_validation.validate_aud = self.validate_aud;
+ jwt_validation.validate_aud = self.aud.is_some();
 jwt_validation.iss = iss;
 jwt_validation.aud = aud;
 jwt_validation.sub = None;
@@ -151,7 +139,6 @@ impl Default for Validation {
 validate_exp: true,
 validate_nbf: false,
- validate_aud: true,
 iss: None,
 aud: None,
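Review bot: In the `@@ -127,7 +115,7 @@` hunk, `jwt_validation.validate_aud = self.aud.is_some();` means a `Validation` left at its default `aud: None` performs no audience check at all, so a token the same issuer minted for a different service would pass, and none of the visible docs say so. The `aud` field doc still reads only "Defaults to `None`"; it should add something like `/// When None, the aud claim is not validated at all; set it on every service that shares an issuer with others.` Because this patch drops the explicit, default-on flag that patch 1/2 introduced, the opt-out is now implicit, and a deployment that forgets `.aud(...)` gets no signal. Tests pinning both cases would help: `aud: None` with a token that carries `aud`, and `aud: Some(..)` with a mismatching token. The enclosing function begins and ends outside the hunk, so how the local `aud` is derived before this assignment is not visible here.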