From 1fd45f5ce051dd51b9af29858f6b280e1efc2f6c Mon Sep 17 00:00:00 2001
From: Filip Skokan <panva.ip@gmail.com>
Date: Sun, 4 Aug 2019 15:13:20 +0200
Subject: [PATCH] fix: paseto formatted access token audience is a single
 string

---
 lib/models/formats/paseto.js | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/lib/models/formats/paseto.js b/lib/models/formats/paseto.js
index 6df420786..1b6a67225 100644
--- a/lib/models/formats/paseto.js
+++ b/lib/models/formats/paseto.js
@@ -32,11 +32,16 @@ module.exports = (provider) => {
     async getValueAndPayload() {
       const [, payload] = await opaque.getValueAndPayload.call(this);
       const {
-        jti, accountId: sub, iat, exp, scope, aud, clientId: azp, 'x5t#S256': x5t, 'jkt#S256': jkt, extra,
+        jti, accountId: sub, iat, exp, scope, clientId: azp, 'x5t#S256': x5t, 'jkt#S256': jkt, extra,
       } = payload;
+      let { aud } = payload;
 
-      if (Array.isArray(aud) && aud.length > 1) {
-        throw new Error('only a single audience ("aud") value is permitted for this token type');
+      if (Array.isArray(aud)) {
+        if (aud.length > 1) {
+          throw new Error('only a single audience ("aud") value is permitted for this token type');
+        } else {
+          [aud] = aud;
+        }
       }
 
       let value;