fix: audience is now a required JWT claim for idToken (#24)

versini-org · Jun 24, 2024 · c1730e7 · c1730e7
1 parent a94b270
commit c1730e7
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 4 deletions.
diff --git a/packages/auth-provider/src/common/utilities.ts b/packages/auth-provider/src/common/utilities.ts
@@ -45,13 +45,17 @@ export const serviceCall = async ({ params = {} }: ServiceCallProps) => {
 	}
 };
 
-export const verifyAndExtractToken = async (token: string) => {
+export const verifyAndExtractToken = async (
+	token: string,
+	audience: string,
+) => {
 	try {
 		const alg = JWT.ALG;
 		const spki = JWT_PUBLIC_KEY;
 		const publicKey = await jose.importSPKI(spki, alg);
 		return await jose.jwtVerify(token, publicKey, {
 			issuer: JWT.ISSUER,
+			audience,
 		});
 	} catch (_error) {
 		return undefined;
@@ -79,7 +83,7 @@ export const authenticateUser = async ({
 				clientId,
 			},
 		});
-		const jwt = await verifyAndExtractToken(response.data.idToken);
+		const jwt = await verifyAndExtractToken(response.data.idToken, clientId);
 		if (jwt && jwt.payload[JWT.USER_ID_KEY] !== "") {
 			return {
 				idToken: response.data.idToken,

diff --git a/packages/auth-provider/src/components/AuthProvider/AuthProvider.tsx b/packages/auth-provider/src/components/AuthProvider/AuthProvider.tsx
@@ -41,7 +41,7 @@ export const AuthProvider = ({
 		if (previousIdToken !== idToken && idToken !== null) {
 			(async () => {
 				try {
-					const jwt = await verifyAndExtractToken(idToken);
+					const jwt = await verifyAndExtractToken(idToken, clientId);
 					if (jwt && jwt.payload[JWT.USER_ID_KEY] !== "") {
 						setAuthState({
 							isAuthenticated: true,
@@ -58,7 +58,7 @@ export const AuthProvider = ({
 				}
 			})();
 		}
-	}, [idToken, previousIdToken]);
+	}, [idToken, previousIdToken, clientId]);
 
 	const login = async (
 		username: string,