From 691cee7bebc84ea2bcd28ab34cd95add69b63684 Mon Sep 17 00:00:00 2001
From: Orne Brocaar <info@brocaar.com>
Date: Mon, 11 Dec 2023 11:23:52 +0000
Subject: [PATCH] Upgrade jsonwebtoken dependency.

Since v9 setting the audience is mandatory.
---
 Cargo.lock                        | 20 ++++++--------------
 chirpstack/Cargo.toml             |  2 +-
 chirpstack/src/api/auth/claims.rs |  1 +
 3 files changed, 8 insertions(+), 15 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index 3146d620..3b49c3d2 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -2282,13 +2282,14 @@ dependencies = [
 
 [[package]]
 name = "jsonwebtoken"
-version = "8.3.0"
+version = "9.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6971da4d9c3aa03c3d8f3ff0f4155b534aad021292003895a469716b2a230378"
+checksum = "5c7ea04a7c5c055c175f189b6dc6ba036fd62306b58c66c9f6389036c503a3f4"
 dependencies = [
  "base64 0.21.5",
- "pem 1.1.1",
- "ring 0.16.20",
+ "js-sys",
+ "pem",
+ "ring 0.17.7",
  "serde",
  "serde_json",
  "simple_asn1",
@@ -2905,15 +2906,6 @@ version = "0.1.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "19b17cddbe7ec3f8bc800887bab5e717348c95ea2ca0b1bf0837fb964dc67099"
 
-[[package]]
-name = "pem"
-version = "1.1.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a8835c273a76a90455d7344889b0964598e3316e2a79ede8e36f16bdcf2228b8"
-dependencies = [
- "base64 0.13.1",
-]
-
 [[package]]
 name = "pem"
 version = "3.0.2"
@@ -3354,7 +3346,7 @@ name = "rcgen"
 version = "0.12.0"
 source = "git+https://github.com/rustls/rcgen.git?rev=5ed5fccd3effd4da391492f5f01f98c955b9a4c4#5ed5fccd3effd4da391492f5f01f98c955b9a4c4"
 dependencies = [
- "pem 3.0.2",
+ "pem",
  "ring 0.17.7",
  "time",
  "x509-parser",
diff --git a/chirpstack/Cargo.toml b/chirpstack/Cargo.toml
index 2c4f5b1e..fbc85c98 100644
--- a/chirpstack/Cargo.toml
+++ b/chirpstack/Cargo.toml
@@ -101,7 +101,7 @@ anyhow = "1.0"
 # Authentication
 pbkdf2 = { version = "0.12", features = ["simple"] }
 rand_core = { version = "0.6", features = ["std"] }
-jsonwebtoken = "8.3"
+jsonwebtoken = "9.2"
 rustls = "0.21"
 rustls-native-certs = "0.6"
 rustls-pemfile = "1.0"
diff --git a/chirpstack/src/api/auth/claims.rs b/chirpstack/src/api/auth/claims.rs
index d508bcf9..94c80905 100644
--- a/chirpstack/src/api/auth/claims.rs
+++ b/chirpstack/src/api/auth/claims.rs
@@ -55,6 +55,7 @@ impl AuthClaim {
 
     pub fn decode(token: &str, secret: &[u8]) -> Result<Self> {
         let mut val = Validation::new(Algorithm::HS256);
+        val.set_audience(&["chirpstack"]);
         val.required_spec_claims = HashSet::new(); // make the 'exp' optional
 
         let claim = decode::<AuthClaim>(token, &DecodingKey::from_secret(secret), &val)?;