refactor: jwt client authentication audience is now an issuer identif…

…ier string If needed this can be reverted using the `extras.clientAssertionPayload` option.
panva · Nov 22, 2024 · 0b05217 · 0b05217
1 parent e7380c0
commit 0b05217
Showing 1 changed file with 1 addition and 4 deletions.
diff --git a/lib/helpers/client.js b/lib/helpers/client.js
@@ -92,17 +92,14 @@ async function authFor(endpoint, { clientAssertionPayload } = {}) {
     case 'private_key_jwt':
     case 'client_secret_jwt': {
       const timestamp = now();
-      const audience = [
-        ...new Set([this.issuer.issuer, this.issuer.token_endpoint].filter(Boolean)),
-      ];
 
       const assertion = await clientAssertion.call(this, endpoint, {
         iat: timestamp,
         exp: timestamp + 60,
         jti: random(),
         iss: this.client_id,
         sub: this.client_id,
-        aud: audience,
+        aud: this.issuer.issuer,
         ...clientAssertionPayload,
       });