From c1c5d02547516a71fedb35a061304cef93151f95 Mon Sep 17 00:00:00 2001
From: Dan
Date: Tue, 14 Feb 2023 19:39:35 -0500
Subject: [PATCH] The aud in a json web token can be a string or an array -- so also deal with the case that it is an array
---
 .../services/authentication_service.py | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/services/authentication_service.py b/spiffworkflow-backend/src/spiffworkflow_backend/services/authentication_service.py
index 7b8d6e70..b745e7f1 100644
--- a/spiffworkflow-backend/src/spiffworkflow_backend/services/authentication_service.py
+++ b/spiffworkflow-backend/src/spiffworkflow_backend/services/authentication_service.py
@@ -169,10 +169,8 @@ class AuthenticationService:
 iat = decoded_token["iat"]
 if iss != cls.server_url():
 valid = False
- elif aud not in (
- cls.client_id(),
- "account",
- ):
+ elif aud not in (cls.client_id(), "account") and\
+ aud != [cls.client_id(), "account"]:
 valid = False
 elif azp and azp not in (
 cls.client_id(),
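Review bot: The array case on the added `aud != [cls.client_id(), "account"]` line is an exact, order-sensitive list comparison, so a token whose `aud` is `["account", <client id>]`, a one-element array, or an array carrying any further audience is still marked invalid. RFC 7519 only asks the recipient to find itself among the `aud` values, so normalising first and testing membership is the sturdier check: `audiences = [aud] if isinstance(aud, str) else aud` followed by `elif cls.client_id() not in audiences:`. Whether `"account"` on its own should keep satisfying the check is worth deciding explicitly, since that value is not specific to this client and the `azp` branch below is skipped when `azp` is absent. The enclosing method starts and ends outside the hunk, so how `aud` is read from the token is not visible here.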