From b0b28ce97734a0b700bb6a1203c1c4982206eaef Mon Sep 17 00:00:00 2001
From: Chris Tran
Date: Fri, 20 Dec 2024 12:50:07 -0600
Subject: [PATCH] feat: changes jwt validation to only check app id in audience using the jwt libs validation options
---
 src/classes/Auth/Auth.ts | 12 +++---------
 1 file changed, 3 insertions(+), 9 deletions(-)
diff --git a/src/classes/Auth/Auth.ts b/src/classes/Auth/Auth.ts
index 87381fa..6880087 100644
--- a/src/classes/Auth/Auth.ts
+++ b/src/classes/Auth/Auth.ts
@@ -50,17 +50,11 @@ export class Auth extends PassageBase {
 }
 const {
- payload: { sub: userId, aud },
- } = await jwtVerify(jwt, this.jwks);
+ payload: { sub: userId },
+ } = await jwtVerify(jwt, this.jwks, { audience: [this.config.appId] });
 if (!userId) {
- throw new Error('Could not validate auth token. You must catch this error.');
- }
-
- if (Array.isArray(aud)) {
- if (!aud.includes(this.config.appId)) {
- throw new Error('Incorrect app ID claim in token. You must catch this error.');
- }
+ throw new Error('sub missing in jwt claims.');
 }
 return userId;
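Review bot: The `jwtVerify` call now pins `audience` but still passes neither `issuer` nor `algorithms`, so the issuer is not checked and the accepted algorithms are presumably whatever the keys in `this.jwks` permit. If the expected issuer can be derived from the app configuration, consider `{ audience: [this.config.appId], issuer: <EXPECTED_ISSUER> }` (placeholder; the real value is not visible in this hunk). Audience failures are now raised by the JWT library with its own error type rather than the SDK's `Error('Incorrect app ID claim in token. ...')`, so callers that match on the old message will no longer see it. Whether the enclosing method catches and rewraps errors cannot be told from here, because it starts and ends outside the hunk. A comment above the call such as `// audience is required: a token with a missing or non-matching aud is rejected by jwtVerify` would record the intent, assuming `jwtVerify` is jose's, where setting `audience` makes the claim mandatory.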