Added option for audience check

Author: oxisto

validator.go

@@ -21,6 +21,10 @@ type Validator struct {
 	// necessary. However, if wanted, it can be checked if the iat is
 	// unrealistic, i.e., in the future.
 	verifyIat bool
+
+	// expectedAud contains the audiences this token expects. Supplying an empty
+	// string will disable aud checking.
+	expectedAud string
 }
 
 type customValidationType interface {
@@ -67,6 +71,11 @@ func (v *Validator) Validate(claims Claims) error {
 		vErr.Errors |= ValidationErrorNotValidYet
 	}
 
+	if v.expectedAud != "" && !v.VerifyAudience(claims, v.expectedAud, false) {
+		vErr.Inner = ErrTokenNotValidYet
+		vErr.Errors |= ValidationErrorNotValidYet
+	}
+
 	// Finally, we want to give the claim itself some possibility to do some
 	// additional custom validation based on their custom claims
 	cvt, ok := claims.(customValidationType)

validator_option.go

@@ -25,10 +25,17 @@ func WithTimeFunc(f func() time.Time) ValidatorOption {
 	}
 }
 
-// WithIssuedAtVerification returns the ValidatorOption to enable verification
+// WithIssuedAt returns the ValidatorOption to enable verification
 // of issued-at.
-func WithIssuedAtVerification() ValidatorOption {
+func WithIssuedAt() ValidatorOption {
 	return func(v *Validator) {
 		v.verifyIat = true
 	}
 }
+
+// WithAudience returns the ValidatorOption to set the expected audience.
+func WithAudience(aud string) ValidatorOption {
+	return func(v *Validator) {
+		v.expectedAud = aud
+	}
+}