Description
Describe the bug
When setting the audience to be included in the JWT using quarkus.oidc-client.credentials.jwt.audience, and the audience ends with a slash /, Quarkus strips that slash from aud in the JWT before sending the token request, causing server-side aud validation to fail.
Expected behavior
When setting audience to be included in jwt using quarkus.oidc-client.credentials.jwt.audience, the aud in the jwt should be exactly like the specified one in properties.
Actual behavior
I set this:
quarkus.oidc-client.credentials.jwt.audience: "https://maskinporten.dev/"
But the validation at Maskinporten fails, reporting invalid aud in the JWT. When inspecting the JWT, I can see that the one sent from my Quarkus app actually contains:
"aud": "https://maskinporten.dev"
How to Reproduce?
No response
Output of uname -a or ver
Linux 7bb73a23ff02 5.15.167.4-microsoft-standard-WSL2 #1 SMP Tue Nov 5 00:21:55 UTC 2024 x86_64 Linux
Output of java -version
openjdk version "25.0.1" 2025-10-21 LTS
OpenJDK Runtime Environment Corretto-25.0.1.9.1 (build 25.0.1+9-LTS)
OpenJDK 64-Bit Server VM Corretto-25.0.1.9.1 (build 25.0.1+9-LTS, mixed mode, sharing)
Quarkus version or git rev
3.28.2
Build tool (ie. output of mvnw --version or gradlew --version)
Apache Maven 3.9.9 (8e8579a9e76f7d015ee5ec7bfcdc97d260186937)
Additional information
No response
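A way to confirm the mismatch described in this report from a captured client assertion, as an added example that is not part of the original issue or of Quarkus: it decodes the JWT payload without verifying the signature and compares aud to the configured audience as an exact string, flagging the case where only a trailing slash differs. The function names, the sample token and the client id placeholder are constructed for this illustration.

```python
import base64
import json


def b64url_decode(segment: str) -> bytes:
    # Compact JWTs drop base64url padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def jwt_audiences(token: str) -> list:
    """Return the aud values of a compact JWS (signature is NOT verified)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected 3 dot-separated segments)")
    claims = json.loads(b64url_decode(parts[1]))
    aud = claims.get("aud", [])
    # RFC 7519: aud is either a single string or an array of strings.
    return [aud] if isinstance(aud, str) else list(aud)


def check_audience(token: str, expected: str) -> str:
    """Classify how the token's aud relates to the configured audience."""
    auds = jwt_audiences(token)
    # RFC 7519 compares StringOrURI values as case-sensitive strings with
    # no canonicalization, so "https://x/" and "https://x" are different.
    if expected in auds:
        return "match"
    if any(a.rstrip("/") == expected.rstrip("/") for a in auds):
        return "trailing-slash-mismatch"
    return "mismatch"


def make_sample_token(claims: dict) -> str:
    # Constructed sample token with a dummy signature, for this demo only.
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.c2ln"


if __name__ == "__main__":
    configured = "https://maskinporten.dev/"  # value from the properties
    sent = make_sample_token({"iss": "client-id-placeholder",
                              "aud": "https://maskinporten.dev"})
    print(check_audience(sent, configured))
```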