[Config] Aud claim: Binary Lists not supported

[OddNaughty]

Hello,

As I was struggling with JTW claims and Joken.Config, I saw in the JWT RFC that aud normally contains a string array.

In the general case, the "aud" value is an array of case-sensitive strings, each containing a StringOrURI value.

As saw here: Jwtk issue

Thank you a lot and nice work!

[victorolinasc]

Hi @OddNaughty ! Unfortunately, most implementations in the wild don't respect that too much...

From my personal experience it is usually not a list. But feat not! To use a list for aud claim you can define your own validations:

defmodule MyToken do
  use Joken.Config

  def token_config do
    default_claims(skip: [:aud])
    |> add_claim("aud", fn -> ["my_aud"] end, &validate_audience/1)
  end

  def validate_audience(incoming) when is_list(incoming), do: incoming |> hd() |> Kernel.==("my_aud")
  def validate_audience(_), do: false
end

[victorolinasc]

I'll be closing this for now as, although it is not the default, you can still create your own validations. If you want this to be on the next major version (which might break the default behaviour) give your opinion on #256 .

Thanks for your input!