JWT contains the aud as a string when there is only one aud value

Issue #466 wontfix
Former user created an issue

In Nimbus-JOSE-JWT version 7.3.0, a single-valued aud claim is always returned as a string in the JWT. Even when the option [1] is used or a List<String> is set as the audience claim, if the audience list has only one value it will be put as a string into the JSON object when generating the SignedJWT using the claim set [2]. Can we get the option to put the single-valued aud as a JSON array when generating the JSON object from the claim set in [2]?

As per the specification https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.3, the general case also supports the "aud" value as an array.

    In the general case, the "aud" value is an array of case-sensitive strings, each containing a StringOrURI value. In the special case when the JWT has one audience, the "aud" value MAY be a single case-sensitive string containing a StringOrURI value.

[1] https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/293/jwt-aud-claim-changing-array-to-string-for
[2] https://bitbucket.org/connect2id/nimbus-jose-jwt/src/88591adb9e5a44325318108884b518d9655f6c20/src/main/java/com/nimbusds/jwt/JWTClaimsSet.java?at=7.3#lines-834

Comments (2)

  1. Yavor Vasilev

    If you need to output an aud array for some particular JWT lib, use a JWSObject with a JSON object / JWTClaimsSet Payload.

  2. Pasquale Barbaro

    @Yavor Vasilev we also have a use case in which we call the method
    public Map<String, Object> toJSONObject(final boolean includeClaimsWithNullValues)
    and we need aud as a single-valued array.
    Will you provide an overload with this option in future releases?

    thanks in advance
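
The workaround suggested in comment 1, as an added example that is not part of the original thread or the project's own code: the claims are serialised to a JSON object, "aud" is overwritten with the audience list, and the result is signed through JWSObject instead of SignedJWT. It assumes a library version where toJSONObject() returns Map<String, Object> (the signature quoted in comment 2) and Payload accepts such a map; the class name AudArrayExample, the helper claimsWithAudArray and all sample values are hypothetical.

```java
import com.nimbusds.jose.JOSEObjectType;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.JWSObject;
import com.nimbusds.jose.Payload;
import com.nimbusds.jose.crypto.MACSigner;
import com.nimbusds.jose.crypto.MACVerifier;
import com.nimbusds.jwt.JWTClaimsSet;

import java.security.SecureRandom;
import java.util.Date;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

public class AudArrayExample {
    // Hypothetical helper: serialise the claims, then force "aud" to a JSON array.
    static Map<String, Object> claimsWithAudArray(JWTClaimsSet claims) {
        Map<String, Object> json = new LinkedHashMap<>(claims.toJSONObject());
        List<String> aud = claims.getAudience(); // empty list when no aud is set
        if (!aud.isEmpty()) {
            json.put("aud", aud); // replaces the single-string form
        }
        return json;
    }

    public static void main(String[] args) throws Exception {
        byte[] secret = new byte[32]; // throwaway 256-bit HMAC key for the demo
        new SecureRandom().nextBytes(secret);
        JWTClaimsSet claims = new JWTClaimsSet.Builder()
                .issuer("https://issuer.example")   // constructed sample values
                .audience("https://api.example")    // exactly one audience
                .expirationTime(new Date(System.currentTimeMillis() + 300_000))
                .build();

        JWSObject jws = new JWSObject(
                new JWSHeader.Builder(JWSAlgorithm.HS256).type(JOSEObjectType.JWT).build(),
                new Payload(claimsWithAudArray(claims)));
        jws.sign(new MACSigner(secret));
        String token = jws.serialize();

        // Round trip: verify the signature, then check how "aud" was encoded.
        JWSObject parsed = JWSObject.parse(token);
        if (!parsed.verify(new MACVerifier(secret))) throw new IllegalStateException("bad signature");
        Object audOut = parsed.getPayload().toJSONObject().get("aud");
        System.out.println("aud is array: " + (audOut instanceof List) + " -> " + audOut);
    }
}
```

Both encodings are valid under RFC 7519 section 4.1.3, so a consumer that validates the audience should accept either the string or the array form.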
