Make set_issuer and set_audience require aud, iss claims

mikkel3000 · mikkel3000 · commit 6f4a9d54e7ac · 2026-06-21T09:18:53.000+02:00
Addresses #493 set_audience and set_issuer convenience functions now adds `aud` and `iss` to `required_spec_claims`.
diff --git a/src/validation.rs b/src/validation.rs
@@ -143,13 +143,17 @@ impl Validation {
 
     /// `aud` is a collection of one or more acceptable audience members
     /// The simple usage is `set_audience(&["some aud name"])`
+    /// Makes the `aud` claim required by adding to `required_spec_claims`
     pub fn set_audience<T: ToString>(&mut self, items: &[T]) {
+        self.required_spec_claims.insert("aud".to_string());
         self.aud = Some(items.iter().map(|x| x.to_string()).collect());
     }
 
     /// `iss` is a collection of one or more acceptable issuers members
     /// The simple usage is `set_issuer(&["some iss name"])`
+    /// Makes the `iss` claim required by adding to `required_spec_claims`
     pub fn set_issuer<T: ToString>(&mut self, items: &[T]) {
+        self.required_spec_claims.insert("iss".to_string());
         self.iss = Some(items.iter().map(|x| x.to_string()).collect());
     }
 
@@ -808,17 +812,49 @@ mod tests {
         };
     }
 
+    #[test]
+    #[wasm_bindgen_test]
+    fn set_audience_missing_fails() {
+        let claims = json!({});
+        let mut validation = Validation::new(Algorithm::HS256);
+        validation.validate_exp = false;
+        validation.required_spec_claims = HashSet::new();
+        validation.set_audience(&["None"]);
+        let res = validate(deserialize_claims(&claims), &validation);
+        assert!(res.is_err());
+
+        match res.unwrap_err().kind() {
+            ErrorKind::MissingRequiredClaim(claim) => assert_eq!(claim, "aud"),
+            _ => unreachable!(),
+        };
+    }
+
+    #[test]
+    #[wasm_bindgen_test]
+    fn set_issuer_missing_fails() {
+        let claims = json!({});
+        let mut validation = Validation::new(Algorithm::HS256);
+        validation.validate_exp = false;
+        validation.required_spec_claims = HashSet::new();
+        validation.set_issuer(&["None"]);
+        let res = validate(deserialize_claims(&claims), &validation);
+        assert!(res.is_err());
+
+        match res.unwrap_err().kind() {
+            ErrorKind::MissingRequiredClaim(claim) => assert_eq!(claim, "iss"),
+            _ => unreachable!(),
+        };
+    }
+
     // https://github.com/Keats/jsonwebtoken/issues/51
     #[test]
     #[wasm_bindgen_test]
     fn does_validation_in_right_order() {
         let claims = json!({ "exp": get_current_timestamp() + 10000 });
 
         let mut validation = Validation::new(Algorithm::HS256);
-        validation.set_required_spec_claims(&["exp", "iss"]);
         validation.leeway = 5;
         validation.set_issuer(&["iss no check"]);
-        validation.set_audience(&["iss no check"]);
 
         let res = validate(deserialize_claims(&claims), &validation);
         // It errors because it needs to validate iss/sub which are missing
