Issue on setting audience/issuer as var-args (JWTVerifier)

[ssrm]

Please do not report security vulnerabilities here. The Responsible Disclosure Program details the procedure for disclosing security issues.

Thank you in advance for helping us to improve this library! Please read through the template below and answer all relevant questions. Your additional work here is greatly appreciated and will help us respond as quickly as possible. For general support or usage questions, use the Auth0 Community or Auth0 Support. Finally, to avoid duplicates, please search existing Issues before submitting one here.

By submitting an Issue to this repository, you agree to the terms within the Auth0 Code of Conduct.

Description

when sending null to withAudience/withIssuer (JWTVerifier), varargs creates an array instead of null. Due to that even though there is no "aud/iss" value, it creates claim and it tries to match.

Reproduction

https://stackoverflow.com/questions/4028059/calling-java-varargs-method-with-single-null-argument/4028113

Environment

Please provide the following:

• Version of this library used: 3.8.3
• Version of the platform or framework used, if applicable:
• Other relevant versions (language, server software, OS, browser):
• Other modules/plugins/libraries that might be involved: