You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Even when not setting an audience the check still fails due to the token having an audience. The engineer should be able to say they do not care about the audience. (this actually extends to all 3 checks)
There are a few places where the validation feels too strict.
clientIdis arbitrary when checking a token in an API and should be allowed to be skipped.