Ignore client id check when checking access token

louketo · Nov 16, 2020 · 6a89ed7 · 6a89ed7
1 parent fe7edee
commit 6a89ed7
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/middleware.go b/middleware.go
@@ -197,7 +197,7 @@ func (r *oauthProxy) authenticationMiddleware() func(http.Handler) http.Handler
 					// step: if the error post verification is anything other than a token
 					// expired error we immediately throw an access forbidden - as there is
 					// something messed up in the token
-					if err != ErrAccessTokenExpired {
+					if err != ErrAccessTokenExpired && !strings.Contains(err.Error(), "expected audience") {
 						r.log.Error("access token failed verification",
 							zap.String("client_ip", clientIP),
 							zap.Error(err))