See attached patch file. Open to a different approach for the Audience Validation, but I figured it was the behavior I'd want. Also didn't add any tests because frankly I'm not sure how to, but I did test against the JWT token that led me to discover the issue, and it worked :)

-Caranatar

--
sent from emacs using mu4e