refactor: if the token doesn't match our purpose only error if EmptyAllowed is off

This commit is contained in:
Derrick Hammer 2024-03-20 13:52:25 -04:00
parent b6c92a6348
commit b1fcc7f7ae
Signed by: pcfreak30
GPG Key ID: C997C339BE476FF2
1 changed files with 3 additions and 1 deletions

View File

@ -129,8 +129,10 @@ func AuthMiddleware(options AuthMiddlewareOptions) func(http.Handler) http.Handl
aud, _ := claim.GetAudience()
if options.Purpose != account.JWTPurposeNone && slices.Contains[jwt.ClaimStrings, string](aud, string(options.Purpose)) == false {
if !options.EmptyAllowed {
return account.ErrJWTInvalid
}
}
return nil
})