From 6a89ed74cbf66f5977572930b8837c5088c44656 Mon Sep 17 00:00:00 2001
From: Pavol Ipoth <pavol.ipoth@telekom.com>
Date: Mon, 16 Nov 2020 09:39:34 +0100
Subject: [PATCH] Ignore client id check when checking access token

---
 middleware.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/middleware.go b/middleware.go
index 3d3bf5aca..ccf9bf0e1 100644
--- a/middleware.go
+++ b/middleware.go
@@ -197,7 +197,7 @@ func (r *oauthProxy) authenticationMiddleware() func(http.Handler) http.Handler
 					// step: if the error post verification is anything other than a token
 					// expired error we immediately throw an access forbidden - as there is
 					// something messed up in the token
-					if err != ErrAccessTokenExpired {
+					if err != ErrAccessTokenExpired && !strings.Contains(err.Error(), "expected audience") {
 						r.log.Error("access token failed verification",
 							zap.String("client_ip", clientIP),
 							zap.Error(err))