OAuth2Auth: access_token fails validation if configuration has multiple audiences
srjakes opened this issue · 0 comments
srjakes commented
In my configuration I have two audiences.
At this point in the validation code I have an access_token with a single value in the aud claim that matches one of the configured audiences.
The access_token fails validation because the other audience from the configuration is not in the aud claim.
The similar check in vertx-auth-jwt does a Collections.disjoint on the configured audiences and the aud claim.
I think that my access_token should pass this audience validation check.
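
The two audience-matching semantics contrasted in this report, as an added example that is not part of the original issue and is not the vertx-auth source. The class, method names and audience values are hypothetical; treating an empty configured list as "no audience check" is an assumption of this sketch.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

public class AudienceCheckDemo {

    // The aud claim may be a single string or an array of strings (RFC 7519, section 4.1.3).
    static List<String> normalizeAud(Object claim) {
        List<String> out = new ArrayList<>();
        if (claim instanceof String) {
            out.add((String) claim);
        } else if (claim instanceof List) {
            for (Object o : (List<?>) claim) {
                if (o instanceof String) out.add((String) o);
            }
        }
        return out; // a missing or malformed claim yields an empty list and matches nothing
    }

    // Behaviour reported in the issue: every configured audience must be present in aud.
    static boolean requiresAllConfigured(List<String> configured, List<String> aud) {
        return aud.containsAll(configured);
    }

    // Behaviour requested in the issue: at least one configured audience appears in aud.
    static boolean sharesAnAudience(List<String> configured, List<String> aud) {
        if (configured.isEmpty()) return true; // assumption: nothing configured, nothing to check
        return !Collections.disjoint(configured, aud);
    }

    public static void main(String[] args) {
        // Constructed sample values
        List<String> configured = Arrays.asList("api-orders", "api-billing");
        List<String> single = normalizeAud("api-orders");
        List<String> foreign = normalizeAud(Arrays.asList("api-other"));
        List<String> missing = normalizeAud(null);

        System.out.println(requiresAllConfigured(configured, single)); // false: rejected
        System.out.println(sharesAnAudience(configured, single));      // true: accepted
        System.out.println(sharesAnAudience(configured, foreign));     // false: still rejected
        System.out.println(sharesAnAudience(configured, missing));     // false: no aud, no match
    }
}
```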