Put audience in the JWT

author: mrw1593 <botahamec@outlook.com> 2023-07-01 15:09:41 -0400
committer: mrw1593 <botahamec@outlook.com> 2023-07-01 15:09:41 -0400
commit: b909c8496a7e0f035623105f631809ef3016a810 (patch)
tree: e9bed57b124e6c11e4bf9660c00be14c454e559c /src/services/jwt.rs
parent: 55cfb8187cb814e17a2a99d02bfd9296fc01dcc2 (diff)
1 files changed, 9 insertions, 7 deletions
diff --git a/src/services/jwt.rs b/src/services/jwt.rs
index 86252c4..489b32f 100644
--- a/src/services/jwt.rs
+++ b/src/services/jwt.rs
@@ -20,7 +20,7 @@ pub enum TokenType {
 #[derive(Debug, Clone, Serialize, Deserialize)]
 pub struct Claims {
 	iss: Box<str>,
-	aud: Option<Box<[String]>>,
+	aud: Box<[String]>,
 	#[serde(with = "ts_milliseconds")]
 	exp: DateTime<Utc>,
 	#[serde(with = "ts_milliseconds_option")]
@@ -58,9 +58,11 @@ impl Claims {
 
 		db::create_auth_code(db, id, exp).await?;
 
+		let aud = [self_id.to_string(), client_id.to_string()].into();
+
 		Ok(Self {
 			iss: Box::from(self_id),
-			aud: None,
+			aud,
 			exp,
 			nbf: None,
 			iat: Some(time),
@@ -89,9 +91,11 @@ impl Claims {
 			.await
 			.unexpect()?;
 
+		let aud = [self_id.to_string(), client_id.to_string()].into();
+
 		Ok(Self {
 			iss: Box::from(self_id),
-			aud: None,
+			aud,
 			exp,
 			nbf: None,
 			iat: Some(time),
@@ -204,10 +208,8 @@ fn verify_jwt(
 		}
 	}
 
-	if let Some(aud) = claims.aud.clone() {
-		if !aud.contains(&self_id.to_string()) {
-			yeet!(VerifyJwtError::BadAudience.into())
-		}
+	if !claims.aud.contains(&self_id.to_string()) {
+		yeet!(VerifyJwtError::BadAudience.into())
 	}
 
 	let now = Utc::now();
author	mrw1593 <botahamec@outlook.com>	2023-07-01 15:09:41 -0400
committer	mrw1593 <botahamec@outlook.com>	2023-07-01 15:09:41 -0400
commit	b909c8496a7e0f035623105f631809ef3016a810 (patch)
tree	e9bed57b124e6c11e4bf9660c00be14c454e559c /src/services/jwt.rs
parent	55cfb8187cb814e17a2a99d02bfd9296fc01dcc2 (diff)