Merge pull request #109 from sadika9/patch-1

Validate v2.0 token app id (azp)
TheNetworg · Jul 4, 2020 · 0d28aaa · 0d28aaa
2 parents 9275c97 + f9d635c
commit 0d28aaa
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/Provider/Azure.php b/src/Provider/Azure.php
@@ -281,7 +281,7 @@ public function validateAccessToken($accessToken)
      * @return void
      */
     public function validateTokenClaims($tokenClaims) {
-        if ($this->getClientId() != $tokenClaims['aud'] && $this->getClientId() != $tokenClaims['appid']) {
+        if ($this->getClientId() != $tokenClaims['aud']) {
             throw new \RuntimeException('The client_id / audience is invalid!');
         }
         if ($tokenClaims['nbf'] > time() || $tokenClaims['exp'] < time()) {