From d0d70e7dea7aeaec0cc34cc8b95bf8706b7ea49f Mon Sep 17 00:00:00 2001
From: Adam Vessey <adam-vessey@users.noreply.github.com>
Date: Wed, 23 Jun 2021 12:00:25 -0300
Subject: [PATCH] Return after failing to find the "aud" claim.

---
 src/EventSubscriber/JwtEventSubscriber.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/EventSubscriber/JwtEventSubscriber.php b/src/EventSubscriber/JwtEventSubscriber.php
index 5fc919f2..b3d15a43 100644
--- a/src/EventSubscriber/JwtEventSubscriber.php
+++ b/src/EventSubscriber/JwtEventSubscriber.php
@@ -116,6 +116,7 @@ class JwtEventSubscriber implements EventSubscriberInterface {
 
     if (!in_array(static::AUDIENCE, $token->getClaim('aud'), TRUE)) {
       $event->invalidate('Missing audience entry.');
+      return;
     }
 
     $uid = $token->getClaim('webid');