in app/auth/BearerTokenAuth.scala [169:184]
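/**
 * Checks that the presented token was issued for an application this server accepts.
 *
 * The candidate set is the token's `aud` values plus whatever `getAzp` yields. One match
 * against the `auth.validAudiences` configuration entry is enough to accept the token.
 *
 * NOTE(review): `azp` identifies the client the token was issued to, not the intended
 * recipient. Counting it as an audience also accepts tokens addressed to a different
 * service, provided they were obtained by a listed client. Confirm this is intended for
 * the identity provider in use.
 *
 * NOTE(review): only the audience is examined here. Signature, issuer and expiry are
 * presumably verified by the caller before this runs - confirm.
 *
 * @param claimsSet claims taken from the bearer token
 * @return `Right(LoginResultOK)` carrying the claims when an audience matches;
 *         `Left(LoginResultMisconfigured)` when `auth.validAudiences` is unset, so a missing
 *         allow-list rejects every token rather than accepting any;
 *         `Left(LoginResultInvalid)` when nothing matches
 */
def checkAudience(claimsSet:JWTClaimsSet) = {
  // getAzp is defined outside this block; `++` presumably appends zero or one value - TODO confirm
  val audiences = claimsSet.getAudience.asScala ++ claimsSet.getAzp
  logger.debug(s"JWT audiences: $audiences")

  config.getOptional[Seq[String]]("auth.validAudiences") match {
    case None =>
      logger.error(s"No valid audiences configured. Set auth.validAudiences. Token audiences were $audiences")
      // The client gets a generic message; the detail stays in the server log.
      Left(LoginResultMisconfigured("Server configuration problem"))

    case Some(audienceList) =>
      if (audiences.intersect(audienceList).nonEmpty) {
        logger.debug("Audience permitted")
        Right(LoginResultOK(claimsSet))
      } else {
        // Record the rejection so tokens minted for other applications show up in the logs.
        // The values are token-supplied, so treat them as untrusted text when reading the log.
        logger.warn(s"Token rejected: none of its audiences $audiences is listed in auth.validAudiences")
        Left(LoginResultInvalid("The token was not from a supported app"))
      }
  }
}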