id_token["aud"] may be a single item list

MojeID provider returns 'aud': ['single-id'] which was by mistake taken as multiple audiences without 'azp'.
Added MojeID as a tested provider.

Author: e3rd

README.rst

@@ -22,6 +22,7 @@ It has been tested with:
 
 * `Google+ Login <https://developers.google.com/accounts/docs/OAuth2Login>`_
 * `Ipsilon <https://ipsilon-project.org/>`_
+* `MojeID <https://mojeid.cz>`_
 
 
 Project status

docs/index.rst

@@ -72,7 +72,7 @@ A very basic example client::
     def index():
         if oidc.user_loggedin:
             return 'Welcome %s' % oidc.user_getfield('email')
-        else
+        else:
             return 'Not logged in'
 
     @app.route('/login')
@@ -136,6 +136,7 @@ for information on how to obtain client secrets.
 For example, for Google, you will need to visit `Google API credentials management
 <https://console.developers.google.com/apis/credentials?project=_>`_.
 
+For `MojeID <https://www.mojeid.cz/en/provider/getting-started/>`_, you type `curl --data '{"redirect_uris": "https://your app", "client_name": "Your name"}' https://mojeid.cz/oidc/`
 
 Manual client registration
 --------------------------

flask_oidc/__init__.py

@@ -612,7 +612,9 @@ def _is_id_token_valid(self, id_token):
             logger.error('id_token issued by non-trusted issuer: %s'
                          % id_token['iss'])
             return False
-
+        
+        if isinstance(id_token['aud'], list) and len(id_token['aud']) == 1:
+            id_token['aud'] = id_token['aud'][0]
         if isinstance(id_token['aud'], list):
             # step 3 for audience list
             if self.flow.client_id not in id_token['aud']: