From cb465658fcd0cf315891c063d3111c7267b408af Mon Sep 17 00:00:00 2001
From: Brent Schmaltz <brentsch@hotmail.com>
Date: Tue, 26 Sep 2023 14:55:33 -0700
Subject: [PATCH] GetPayloadClaim<object>("aud") will return a single string
 when aud is a simple string.

---
 .../Json/JsonWebToken.PayloadClaimSet.cs                 | 9 +++++++--
 .../JsonWebTokenTests.cs                                 | 9 +++++++++
 2 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/src/Microsoft.IdentityModel.JsonWebTokens/Json/JsonWebToken.PayloadClaimSet.cs b/src/Microsoft.IdentityModel.JsonWebTokens/Json/JsonWebToken.PayloadClaimSet.cs
index cf40664089..39e415f6bf 100644
--- a/src/Microsoft.IdentityModel.JsonWebTokens/Json/JsonWebToken.PayloadClaimSet.cs
+++ b/src/Microsoft.IdentityModel.JsonWebTokens/Json/JsonWebToken.PayloadClaimSet.cs
@@ -44,9 +44,14 @@ internal JsonClaimSet CreatePayloadClaimSet(byte[] bytes, int length)
                         else
                         {
                             if (reader.TokenType != JsonTokenType.Null)
+                            {
                                 _audiences.Add(JsonSerializerPrimitives.ReadString(ref reader, JwtRegisteredClaimNames.Aud, ClassName));
-
-                            claims[JwtRegisteredClaimNames.Aud] = _audiences;
+                                claims[JwtRegisteredClaimNames.Aud] = _audiences[0];
+                            }
+                            else
+                            {
+                                claims[JwtRegisteredClaimNames.Aud] = _audiences;
+                            }
                         }
                     }
                     else if (reader.ValueTextEquals(JwtPayloadUtf8Bytes.Azp))
diff --git a/test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenTests.cs b/test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenTests.cs
index c041edc187..ddad746112 100644
--- a/test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenTests.cs
+++ b/test/Microsoft.IdentityModel.JsonWebTokens.Tests/JsonWebTokenTests.cs
@@ -275,6 +275,15 @@ public static TheoryData<GetPayloadValueTheoryData> CheckAudienceValuesTheoryDat
             {
                 var theoryData = new TheoryData<GetPayloadValueTheoryData>();
 
+                theoryData.Add(new GetPayloadValueTheoryData("stringFromSingleAsObject")
+                {
+                    ClaimValue = "audience",
+                    PropertyName = "aud",
+                    PropertyType = typeof(object),
+                    PropertyValue = new List<string> { "audience" },
+                    Json = JsonUtilities.CreateUnsignedToken("aud", "audience")
+                });
+
                 theoryData.Add(new GetPayloadValueTheoryData("stringFromSingleInList")
                 {
                     ClaimValue = "audience",