From d03478637a283684edf68f31236456f71639bcce Mon Sep 17 00:00:00 2001
From: luxferre <chris@sr2.uk>
Date: Thu, 28 May 2026 15:16:21 +0100
Subject: [PATCH] fix: remove oidc audience requirement

---
 example.env         | 1 -
 src/auth/config.py  | 1 -
 src/auth/service.py | 1 -
 3 files changed, 3 deletions(-)

diff --git a/example.env b/example.env
index b2ab4c9..2b20f14 100644
--- a/example.env
+++ b/example.env
@@ -1,7 +1,6 @@
 SECRET_KEY=""
 OIDC_CONFIG="https://sso.sr2.uk/realms/sr2/.well-known/openid-configuration"
 OIDC_ISSUER="https://sso.sr2.uk/realms/sr2"
-OIDC_AUDIENCE="account"
 CLIENT_ID=""
 
 DATABASE_NAME="cloud-api"
diff --git a/src/auth/config.py b/src/auth/config.py
index 82646d2..979c0e5 100644
--- a/src/auth/config.py
+++ b/src/auth/config.py
@@ -9,7 +9,6 @@ from src.config import CustomBaseSettings
 class AuthConfig(CustomBaseSettings):
     OIDC_CONFIG: str = ""
     OIDC_ISSUER: str = ""
-    OIDC_AUDIENCE: str = ""
     CLIENT_ID: str = ""
 
 
diff --git a/src/auth/service.py b/src/auth/service.py
index dce8217..0417952 100644
--- a/src/auth/service.py
+++ b/src/auth/service.py
@@ -37,7 +37,6 @@ async def get_current_user(oidc_auth_string: oidc_dependency) -> dict[str, Any]:
 
 	claims_options = {
 		"exp": {"essential": True},
-		"aud": {"essential": True, "value": "account"},
 		"iss": {"essential": True, "value": auth_settings.OIDC_ISSUER},
 	}