From 27e9456e3c2e8e7904218dbf01da0967f4bba22f Mon Sep 17 00:00:00 2001
From: Don Kendall
Date: Sat, 18 Jan 2025 15:08:11 -0500
Subject: [PATCH] [IMP] support claim without an aud key
---
 auth_jwt/models/auth_jwt_validator.py | 7 +++----
 auth_jwt/tests/test_auth_jwt.py | 5 +++++
 2 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/auth_jwt/models/auth_jwt_validator.py b/auth_jwt/models/auth_jwt_validator.py
index 13649adad2..3758a75f93 100644
--- a/auth_jwt/models/auth_jwt_validator.py
+++ b/auth_jwt/models/auth_jwt_validator.py
@@ -65,7 +65,7 @@ class AuthJwtValidator(models.Model):
 default="RS256",
 )
 audience = fields.Char(
- required=True, help="Comma separated list of audiences, to validate aud."
+ required=False, help="Comma separated list of audiences, to validate aud."
 )
 issuer = fields.Char(required=True, help="To validate iss.")
 user_id_strategy = fields.Selection(
@@ -200,12 +200,11 @@ def _decode(self, token, secret=None):
 key=key,
 algorithms=[algorithm],
 options=dict(
- require=["exp", "aud", "iss"],
+ require=["exp", "iss"],
 verify_exp=True,
- verify_aud=True,
 verify_iss=True,
 ),
- audience=self.audience.split(","),
+ audience=(self.audience).split(",") if self.audience else None,
 issuer=self.issuer,
 )
 except Exception as e:
diff --git a/auth_jwt/tests/test_auth_jwt.py b/auth_jwt/tests/test_auth_jwt.py
index 6a87e87cbc..e98f5bfc32 100644
--- a/auth_jwt/tests/test_auth_jwt.py
+++ b/auth_jwt/tests/test_auth_jwt.py
@@ -344,6 +344,11 @@ def test_multiple_aud(self):
 with self.assertRaises(UnauthorizedInvalidToken):
 validator._decode(token)
 
+ def test_no_aud(self):
+ validator = self._create_validator("validator", audience=None)
+ token = self._create_token(audience=None)
+ validator._decode(token)
+
 def test_nbf(self):
 validator = self._create_validator("validator")
 token = self._create_token(nbf=time.time() - 60)
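Review bot: The help text on `audience` is unchanged and does not say what an empty value means now that the field is `required=False`. With no audience configured the validator no longer binds a token to this service, so a token without aud that the same issuer and key signed for another application would be accepted here as long as exp and iss check out. I would state that trade-off where the administrator sets the field, e.g. `help="Comma separated list of audiences, to validate aud. Leave empty only when the issuer does not set aud; tokens are then not bound to this service."`. The field sits inside the AuthJwtValidator class, which starts and ends outside the hunk.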
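Review bot: Audience checking now rests on the JWT library's default, because `verify_aud=True` is removed from `options` together with `"aud"` in `require`; nothing visible in the hunk requires dropping the flag. Assuming the call (which starts outside the hunk) is PyJWT's `jwt.decode`, keeping `verify_aud=True` should remain compatible with `audience=None` for tokens that carry no aud, and it keeps the intent explicit if the default ever changes; confirm this against the pinned library version. Separately, `(self.audience).split(",")` has redundant parentheses and keeps surrounding whitespace, so a configured value such as `"a, b"` yields `" b"`, which will not match the claim; `[a.strip() for a in self.audience.split(",")]` avoids that.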
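Review bot: `test_no_aud` exercises only the accepting path and asserts nothing about the result, so the two cases that matter for security after this change are left untested: a token without aud against a validator that has an audience configured, and a token carrying aud against a validator that has none. Both should be pinned to `UnauthorizedInvalidToken` so that a later edit to the decode options cannot silently switch audience checking off. The sketch below assumes the helpers' default audience is non-empty, which the explicit `audience=None` in the new test suggests but the hunk does not show. The expected outcome of the second case depends on the JWT library's behaviour and should be confirmed before merging.

```python
    def test_aud_missing_in_token(self):
        # validator expects an audience, token has none -> must be rejected
        validator = self._create_validator("validator")
        token = self._create_token(audience=None)
        with self.assertRaises(UnauthorizedInvalidToken):
            validator._decode(token)

    def test_aud_in_token_not_configured(self):
        # validator has no audience, token carries one -> expected to be rejected
        validator = self._create_validator("validator", audience=None)
        token = self._create_token()
        with self.assertRaises(UnauthorizedInvalidToken):
            validator._decode(token)
```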