From 977360db684068c5b7e0b2613d59cabf48271974 Mon Sep 17 00:00:00 2001
From: jacob50231 <jacob50231@gmail.com>
Date: Fri, 16 May 2025 14:55:41 -0500
Subject: [PATCH] Remove required audience check from jwt validation

---
 src/authutils/token/validate.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/authutils/token/validate.py b/src/authutils/token/validate.py
index 33526b4..e075fdb 100644
--- a/src/authutils/token/validate.py
+++ b/src/authutils/token/validate.py
@@ -122,6 +122,9 @@ def validate_jwt(
     # Some Gen3 apps use BASE_URL and some use USER_API, so fall back on USER_API
     if aud is None:
         aud = flask.current_app.config.get("USER_API")
+    # Skip aud validation if no audience is configured
+    if aud is None:
+        options["verify_aud"] = False
 
     if public_key is None:
         public_key = get_public_key_for_token(