From f645dd3543b89434ccd4ae6334f09f50bd16dc21 Mon Sep 17 00:00:00 2001
From: Livio Amstutz
Date: Thu, 10 Sep 2020 08:35:37 +0200
Subject: [PATCH 1/2] fix: unmarshalling of audience as array (#53)
---
 pkg/oidc/token.go | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/pkg/oidc/token.go b/pkg/oidc/token.go
index c468670..a4b8a3d 100644
--- a/pkg/oidc/token.go
+++ b/pkg/oidc/token.go
@@ -241,10 +241,16 @@ func timeToJSON(t time.Time) int64 {
 return t.Unix()
 }
-func audienceFromJSON(audience interface{}) []string {
- switch aud := audience.(type) {
+func audienceFromJSON(i interface{}) []string {
+ switch aud := i.(type) {
 case []string:
 return aud
+ case []interface{}:
+ audience := make([]string, len(aud))
+ for i, a := range aud {
+ audience[i] = a.(string)
+ }
+ return audience
 case string:
 return []string{aud}
 }
From 8f07a5b9c9fa50c3be37d428e71064e7de8a07b3 Mon Sep 17 00:00:00 2001
From: Livio Amstutz
Date: Thu, 10 Sep 2020 15:19:55 +0200
Subject: [PATCH 2/2] feat: add possibility to add verifier opts to default RP
---
 pkg/rp/default_rp.go | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/pkg/rp/default_rp.go b/pkg/rp/default_rp.go
index 6c9208d..3a830bb 100644
--- a/pkg/rp/default_rp.go
+++ b/pkg/rp/default_rp.go
@@ -40,8 +40,9 @@ type DefaultRP struct {
 errorHandler func(http.ResponseWriter, *http.Request, string, string, string)
- verifier Verifier
- onlyOAuth2 bool
+ verifier Verifier
+ verifierOpts []ConfFunc
+ onlyOAuth2 bool
 }
 //NewDefaultRP creates `DefaultRP` with the given
@@ -79,7 +80,7 @@ func NewDefaultRP(rpConfig *Config, rpOpts ...DefaultRPOpts) (DelegationTokenExc
 }
 if p.verifier == nil {
- p.verifier = NewDefaultVerifier(rpConfig.Issuer, rpConfig.ClientID, NewRemoteKeySet(p.httpClient, p.endpoints.JKWsURL))
+ p.verifier = NewDefaultVerifier(rpConfig.Issuer, rpConfig.ClientID, NewRemoteKeySet(p.httpClient, p.endpoints.JKWsURL), p.verifierOpts...)
 }
 return p, nil
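Review bot: The new `case []interface{}` branch in pkg/oidc/token.go converts each element with an unchecked assertion, `audience[i] = a.(string)`, so an `aud` array holding any non-string value (a number, null, a nested object) panics while the claim is being decoded. The value comes from the token's own JSON, so a malformed claim should be rejected rather than crash the caller; the two-value form does that: `s, ok := a.(string)`, `if !ok { return nil }`, `audience[i] = s`. This leaves the audience empty, which presumably fails the later audience check, though that check is not in this hunk. The parameter renamed to `i` is also shadowed by the loop index `i` in the same branch, and a different parameter name would avoid that. The rest of audienceFromJSON after the switch lies outside the hunk.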
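Review bot: In pkg/rp/default_rp.go, `p.verifierOpts...` is forwarded only inside the `if p.verifier == nil` branch, so if a verifier has already been set on the RP (the nil check suggests an option can do that, though none is in this hunk) everything passed through WithVerifierOpts is dropped without notice. A caller who believes a stricter verification setting is active would then be running without it. Either document that on the option or fail construction ahead of the nil check, e.g. `if p.verifier != nil && len(p.verifierOpts) > 0 { return nil, errors.New("verifier options have no effect on a custom verifier") }`, provided `errors` is imported in this file. NewDefaultRP begins and ends outside the hunk.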
@@ -112,6 +113,12 @@ func WithHTTPClient(client *http.Client) DefaultRPOpts {
 }
 }
+func WithVerifierOpts(opts ...ConfFunc) DefaultRPOpts {
+ return func(p *DefaultRP) {
+ p.verifierOpts = opts
+ }
+}
+
 //AuthURL is the `RelayingParty` interface implementation
 //wrapping the oauth2 `AuthCodeURL`
 //returning the url of the auth request
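Review bot: WithVerifierOpts is exported without a doc comment, unlike the neighbouring `//NewDefaultRP ...` and `//AuthURL ...` declarations, and `p.verifierOpts = opts` replaces whatever an earlier call stored, so passing the option twice keeps only the last set. Appending keeps both: `p.verifierOpts = append(p.verifierOpts, opts...)`. A comment such as `//WithVerifierOpts passes the given ConfFunc options to the default verifier; they are ignored when a custom verifier is set` would state the contract that the NewDefaultRP hunk implies.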