fixup! Fix auth not working, use data from id_token

dotkom · Feb 24, 2024 · 56da61a · 56da61a
1 parent 9a8ac24
commit 56da61a
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/apps/authentication/backends.py b/apps/authentication/backends.py
@@ -42,7 +42,7 @@ def get_or_create_user(self, access_token, id_token, payload):
             # this is modified from the source, since we do not want to call /userinfo on _every_ API-call
             # this is kinda weird to have here, but ensures the access_token is verified in both DRF and elsewhere
             userinfo = self.verify_token(access_token)
-            if "https://online.ntnu.no" not in payload.get("aud", []):
+            if "https://online.ntnu.no" not in userinfo.get("aud", []):
                 raise SuspiciousOperation(
                     "Wrong audience, this token is not meant for us"
                 )