fix(auth): remove trailing slash from audience check to match Auth0 tokens

clintonlunn · clintonlunn · commit e5cd03b349b8 · 2026-01-14T18:31:56.000-07:00
diff --git a/src/app/api/mobile/logout/route.ts b/src/app/api/mobile/logout/route.ts
@@ -21,7 +21,7 @@ async function verifyAccessToken (request: NextRequest): Promise<boolean> {
   try {
     await jwtVerify(token, JWKS, {
       issuer: issuer + '/',
-      audience: 'https://api.openbeta.io/'
+      audience: 'https://api.openbeta.io'
     })
     return true
   } catch {
diff --git a/src/js/auth/withUserAuth.ts b/src/js/auth/withUserAuth.ts
@@ -41,8 +41,8 @@ export const withUserAuth = (handler: Next13APIHandler): Next13APIHandler => {
         const { payload } = await jwtVerify(token, JWKS, {
           issuer: issuer + '/',
           audience: [
-            'https://api.openbeta.io/', // Access token (web)
-            clientId // ID token (mobile client ID)
+            'https://api.openbeta.io', // Access token (no trailing slash)
+            clientId // ID token
           ]
         })
 
