From f2937cffff21d4d7d6bd05fb8181f6b6223b5c6d Mon Sep 17 00:00:00 2001
From: MarcusGrass <marcus.grass@protonmail.com>
Date: Fri, 8 Dec 2023 15:35:49 +0100
Subject: [PATCH] Treat empty audience as equivalent to no audience

---
 src/validation.rs | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/validation.rs b/src/validation.rs
index e0d64a7c..690e7181 100644
--- a/src/validation.rs
+++ b/src/validation.rs
@@ -286,6 +286,11 @@ pub(crate) fn validate(claims: ClaimsForValidation, options: &Validation) -> Res
         // processing the claim does not identify itself with a value in the
         // "aud" claim when this claim is present, then the JWT MUST be
         //  rejected.
+        (TryParse::Parsed(Audience::Multiple(aud)), None) => {
+            if !aud.is_empty() {
+                return Err(new_error(ErrorKind::InvalidAudience));
+            }
+        }
         (TryParse::Parsed(_), None) => {
             return Err(new_error(ErrorKind::InvalidAudience));
         }