Fix TypeError in verifyJWTClaims (#442)

... when ClientID does not match Co-authored-by: Robert Vogel <[email protected]>
jumbojett · Sep 17, 2024 · 60919af · 60919af
1 parent 9af21bd
commit 60919af
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/src/OpenIDConnectClient.php b/src/OpenIDConnectClient.php
@@ -1201,8 +1201,10 @@ protected function verifyJWTClaims($claims, string $accessToken = null): bool
             $len = ((int)$bit)/16;
             $expected_at_hash = $this->urlEncode(substr(hash('sha'.$bit, $accessToken, true), 0, $len));
         }
+        $auds = $claims->aud;
+        $auds = is_array( $auds ) ? $auds : [ $auds ];
         return (($this->validateIssuer($claims->iss))
-            && (($claims->aud === $this->clientID) || in_array($this->clientID, $claims->aud, true))
+            && (in_array($this->clientID, $auds, true))
             && ($claims->sub === $this->getIdTokenPayload()->sub)
             && (!isset($claims->nonce) || $claims->nonce === $this->getNonce())
             && ( !isset($claims->exp) || ((is_int($claims->exp)) && ($claims->exp >= time() - $this->leeway)))