From 243c71f5f711a3b86faddcaf65fdfd8b80e6508a Mon Sep 17 00:00:00 2001
From: Mathieu Ancelin <mathieu.ancelin@gmail.com>
Date: Wed, 6 Nov 2024 10:24:47 +0100
Subject: [PATCH] use latest token

---
 otoroshi/app/models/apikey.scala | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/otoroshi/app/models/apikey.scala b/otoroshi/app/models/apikey.scala
index b58cf8542..960ea8d18 100644
--- a/otoroshi/app/models/apikey.scala
+++ b/otoroshi/app/models/apikey.scala
@@ -1821,8 +1821,6 @@ object ApiKeyHelper {
               case ApikeyTuple(_, None, _, _, Some(otoBearer)) if !apikey.checkBearer(otoBearer) => apikey.some.left
               case ApikeyTuple(_, None, Some(jwt), _, _)                                         => {
                 val possibleKeyPairId               = apikey.metadata.get("jwt-sign-keypair")
-                val aud = jwt.getAudience.asScala.headOption.filter(v => v.startsWith("http://") || v.startsWith("https://"))
-                println(s"audience is: ${aud}")
                 val kid                             = Option(jwt.getKeyId)
                   .orElse(possibleKeyPairId)
                   .filter(_ => constraints.jwtAuth.keyPairSigned)
@@ -1893,6 +1891,7 @@ object ApiKeyHelper {
                         .build
                     Try(verifier.verify(jwt))
                       .filter { token =>
+                        val aud = token.getAudience.asScala.headOption.filter(v => v.startsWith("http://") || v.startsWith("https://"))
                         if (aud.isDefined) {
                           val currentUrl = req.theUrl
                           val audience = aud.get