fix: introspection response

[tjandrayana]

I try to fixing the issue related oauth2_introspection not parsing single string aud value

Based on this protocol https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation the audience field need to changed, to receive []string or string.

There are some solutions we can implement :

1. Change the audience as an interface

• oathkeeper/pipeline/authn/authenticator_oauth2_introspection.go

  Line 90 in e4e2263

  Audience []string `json:"aud"`

  
  Effort :
• Need to create function to check the type of interface, string or []string
• Need to update the current unit testing, possible break the current unit test

2. Create new struct and then set the audience as a single string, so if there is possibility failed to unmarshal / casting and then unmarshal / cast with this new struct
   Effort :

• Create new function to modify the response
• Not break the current unit testing

So, because of that, I decide to create new struct named Fork and add the function modify struct in this PR.
With this Fork struct and this function the unit testing also work fine after I execute in my local.
Hopefully with this PR can help everyone that face same issue.
Thank you

Related issue(s)

#491

Checklist

• I have read the contributing guidelines.
• I am following the
  contributing code guidelines.
• I have read the security policy.
• I confirm that this pull request does not address a security
  vulnerability. If this pull request addresses a security. vulnerability, I
  confirm that I got green light (please contact
  [email protected]) from the maintainers to push
  the changes.
• I have added tests that prove my fix is effective or that my feature
  works.
• I have added or changed the documentation.

[CLAassistant]

All committers have signed the CLA.

[codecov]

Codecov Report

Merging #792 (03d71d9) into master (a0a1329) will increase coverage by 0.13%.
The diff coverage is 94.44%.

@@            Coverage Diff             @@
##           master     #792      +/-   ##
==========================================
+ Coverage   62.21%   62.34%   +0.13%     
==========================================
  Files         102      102              
  Lines        4782     4799      +17     
==========================================
+ Hits         2975     2992      +17     
  Misses       1532     1532              
  Partials      275      275              

Impacted Files	Coverage Δ
...peline/authn/authenticator_oauth2_introspection.go	80.00% <94.44%> (+2.08%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update a0a1329...03d71d9. Read the comment docs.

[aeneasr]

Thank you for the PR! However, unfortunately, I do not believe that it will resolve what you are trying to do, because the type assertion will always be false. It might make sense to use something like gjson.Get to see if you have a string or an array in the audience. It would also make sense to add an e2e test to ensure that the feature works as expected :)