From 4d16924b9dea71b609c15e0c7f10125273d39fde Mon Sep 17 00:00:00 2001
From: Adam Vessey <adam-vessey@users.noreply.github.com>
Date: Wed, 23 Jun 2021 12:00:25 -0300
Subject: [PATCH] Return after failing to find the "aud" claim.

---
 src/EventSubscriber/JwtEventSubscriber.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/EventSubscriber/JwtEventSubscriber.php b/src/EventSubscriber/JwtEventSubscriber.php
index ad439068e..47dd9c32c 100644
--- a/src/EventSubscriber/JwtEventSubscriber.php
+++ b/src/EventSubscriber/JwtEventSubscriber.php
@@ -116,6 +116,7 @@ public function validate(JwtAuthValidateEvent $event) {
 
     if (!in_array(static::AUDIENCE, $token->getClaim('aud'), TRUE)) {
       $event->invalidate('Missing audience entry.');
+      return;
     }
 
     $uid = $token->getClaim('webid');