From 3eefa76126e5b1335ca17d8dc407b4ebae8f3486 Mon Sep 17 00:00:00 2001
From: Amine Saboni <saboni.amine@gmail.com>
Date: Mon, 19 Jan 2026 15:57:58 +0100
Subject: [PATCH] fi: deactive audience verification

---
 .../api/services/auth_providers/oidc_auth_provider.py      | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/carbonserver/carbonserver/api/services/auth_providers/oidc_auth_provider.py b/carbonserver/carbonserver/api/services/auth_providers/oidc_auth_provider.py
index ca60c8662..4f441baab 100644
--- a/carbonserver/carbonserver/api/services/auth_providers/oidc_auth_provider.py
+++ b/carbonserver/carbonserver/api/services/auth_providers/oidc_auth_provider.py
@@ -64,9 +64,7 @@ async def _get_algorithms(self) -> List[str]:
         oidc_config = await self._get_openid_configuration()
         return await asyncio.to_thread(self._discovery.signing_algos, oidc_config)
 
-    async def _decode_token(
-        self, token: str, *, audience: Optional[str] = None
-    ) -> Dict[str, Any]:
+    async def _decode_token(self, token: str) -> Dict[str, Any]:
         oidc_config = await self._get_openid_configuration()
         jwks = await self._get_jwks()
         algorithms = await self._get_algorithms()
@@ -74,9 +72,8 @@ async def _decode_token(
             token,
             jwks,
             algorithms=algorithms,
-            audience=audience or self.client_id,
             issuer=oidc_config.get("issuer", self.base_url),
-            options={"verify_at_hash": False},
+            options={"verify_aud": False, "verify_at_hash": False},
         )
 
     async def get_auth_url(