Disable TDEI token audience verification

cyrossignol · cyrossignol · commit 60151ff66c6f · 2026-02-18T19:31:21.000-08:00
diff --git a/api/core/security.py b/api/core/security.py
@@ -163,6 +163,8 @@ async def _validate_token_uncached(
         token,
         key=signing_key.key,
         algorithms=["RS256"],
+        # OIDC server does not currently differentiate tokens by audience
+        options={"verify_aud": False}
     )
     payload = jwtDecoded.get("payload", {})
 

Original file line number	Diff line number	Diff line change
`@@ -163,6 +163,8 @@ async def _validate_token_uncached(`
`163`	`163`	`token,`
`164`	`164`	`key=signing_key.key,`
`165`	`165`	`algorithms=["RS256"],`
	`166`	`+ # OIDC server does not currently differentiate tokens by audience`
	`167`	`+ options={"verify_aud": False}`
`166`	`168`	`)`
`167`	`169`	`payload = jwtDecoded.get("payload", {})`
`168`	`170`