fix: Allow multiple audiences for id_token.verify_token (#733)
* feat: Allow multiple audiences for id_token.verify_token (#732)
* running black
Co-authored-by: arithmetic1728 <58957152+arithmetic1728@users.noreply.github.com>
diff --git a/tests/test_jwt.py b/tests/test_jwt.py
index 7b5ba5c..c5290eb 100644
--- a/tests/test_jwt.py
+++ b/tests/test_jwt.py
@@ -144,6 +144,17 @@
assert payload["metadata"]["meta"] == "data"
+def test_decode_valid_with_audience_list(token_factory):
+ payload = jwt.decode(
+ token_factory(),
+ certs=PUBLIC_CERT_BYTES,
+ audience=["audience@example.com", "another_audience@example.com"],
+ )
+ assert payload["aud"] == "audience@example.com"
+ assert payload["user"] == "billy bob"
+ assert payload["metadata"]["meta"] == "data"
+
+
def test_decode_valid_unverified(token_factory):
payload = jwt.decode(token_factory(), certs=OTHER_CERT_BYTES, verify=False)
assert payload["aud"] == "audience@example.com"
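Review bot: test_decode_valid_with_audience_list only exercises a match on the first list element, so an implementation that compared the token's aud against `audience[0]` alone would still pass. Putting the matching value second, e.g. `audience=["another_audience@example.com", "audience@example.com"]`, would pin real membership. The empty list is also untested. The decode implementation is not part of this diff, but if `audience=[]` were treated as falsy the audience check could be skipped entirely, so a case stating the intended result for `audience=[]` (presumably a ValueError) would make that contract explicit.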
@@ -211,6 +222,14 @@
assert excinfo.match(r"Token has wrong audience")
+def test_decode_bad_token_wrong_audience_list(token_factory):
+ token = token_factory()
+ audience = ["audience2@example.com", "audience3@example.com"]
+ with pytest.raises(ValueError) as excinfo:
+ jwt.decode(token, PUBLIC_CERT_BYTES, audience=audience)
+ assert excinfo.match(r"Token has wrong audience")
+
+
def test_decode_wrong_cert(token_factory):
with pytest.raises(ValueError) as excinfo:
jwt.decode(token_factory(), OTHER_CERT_BYTES)
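Review bot: The rejected values in test_decode_bad_token_wrong_audience_list do not contain the token's aud as a substring, so the test cannot tell exact comparison from a substring or prefix match. Adding a constructed near-miss entry such as `"audience@example.com.invalid"` to the list would cover that case for the list path. As a style point, the message check can be folded into the context manager with `with pytest.raises(ValueError, match=r"Token has wrong audience"):`, which removes the separate `excinfo.match` assertion.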