Solved it.
The problem is here:
aud, ok := m[“aud”].(string)
This does not convert the slice, so it eventually returns false, thus giving “invalid audience”. I fixed it by adding my own code to the ValidationKeyGetter in the middleware.
aud := "http://localhost:8000/"
// convert audience in the JWT token to []interface{} if multiple audiences
convAud, ok := token.Claims.(jwt.MapClaims)["aud"].([]interface{})
if !ok {
// convert audience in the JWT token to string if only 1 audience
strAud, ok := token.Claims.(jwt.MapClaims)["aud"].(string)
// return error if can't convert to string
if !ok {
return token, errors.New("Invalid audience.")
}
// return error if audience doesn't match
if strAud != aud {
return token, errors.New("Invalid audience.")
}
} else {
for _, v := range convAud {
if v == aud {
break
} else {
return token, errors.New("Invalid audience.")
}
}
}