Merge pull request #109 from sadika9/patch-1

hajekj · web-flow · commit 0d28aaa681d1 · 2020-07-04T10:21:17.000+02:00
Validate v2.0 token app id (azp)
diff --git a/src/Provider/Azure.php b/src/Provider/Azure.php
@@ -281,7 +281,7 @@ public function validateAccessToken($accessToken)
      * @return void
      */
     public function validateTokenClaims($tokenClaims) {
-        if ($this->getClientId() != $tokenClaims['aud'] && $this->getClientId() != $tokenClaims['appid']) {
+        if ($this->getClientId() != $tokenClaims['aud']) {
             throw new \RuntimeException('The client_id / audience is invalid!');
         }
         if ($tokenClaims['nbf'] > time() || $tokenClaims['exp'] < time()) {

Original file line number	Diff line number	Diff line change
`@@ -281,7 +281,7 @@ public function validateAccessToken($accessToken)`
`281`	`281`	`* @return void`
`282`	`282`	`*/`
`283`	`283`	`public function validateTokenClaims($tokenClaims) {`
`284`		`- if ($this->getClientId() != $tokenClaims['aud'] && $this->getClientId() != $tokenClaims['appid']) {`
	`284`	`+ if ($this->getClientId() != $tokenClaims['aud']) {`
`285`	`285`	`throw new \RuntimeException('The client_id / audience is invalid!');`
`286`	`286`	`}`
`287`	`287`	`if ($tokenClaims['nbf'] > time() \|\| $tokenClaims['exp'] < time()) {`