diff --git a/lib/passageidentity/auth.rb b/lib/passageidentity/auth.rb index 98b84a1..66b7a60 100644 --- a/lib/passageidentity/auth.rb +++ b/lib/passageidentity/auth.rb @@ -76,15 +76,13 @@ def validate_jwt(token) ) end - audiences = [@auth_origin, @app_id] - claims = JWT.decode( token, nil, true, { - aud: audiences, + aud: @app_id, verify_aud: true, algorithms: ['RS256'], jwks: @jwks @@ -162,7 +160,7 @@ def fetch_jwks app_cache = get_cache(@app_id) if app_cache - @jwks, @auth_origin = app_cache + @jwks = app_cache else auth_gw_connection = Faraday.new(url: 'https://auth.passage.id') do |f| @@ -172,10 +170,6 @@ def fetch_jwks f.adapter :net_http end - # fetch the public key if not in cache - app = fetch_app - - @auth_origin = app.auth_origin response = auth_gw_connection.get("/v1/apps/#{@app_id}/.well-known/jwks.json")
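Review bot: In the `validate_jwt` hunk, `aud: @app_id` makes the expected audience a single value that can be nil, whereas the removed `audiences` array was always a non-nil object. Some ruby-jwt releases return early from the audience check when the `aud` option is nil, even with `verify_aud: true`, so an unset app id could turn audience verification into a no-op instead of a rejection; this should be confirmed against the ruby-jwt version the gem pins. A guard before the decode, for example `raise ArgumentError, 'app_id is required' if @app_id.to_s.empty?` (or the library's own error type), would make this path fail closed. The constructor may already enforce a non-empty app id, but that is not visible here, and the options hash and the rest of `validate_jwt` continue outside the hunk.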
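Review bot: In the `fetch_jwks` hunk, `@jwks = app_cache` now treats the cached value as the key set itself, but the code that writes the cache entry is not part of this diff. If that writer still stores a `[jwks, auth_origin]` pair, `@jwks` would become an array and the `jwks: @jwks` lookup in `JWT.decode` would likely fail for every token served from the cache. Confirm the writer stores only the JWKS, and consider a comment at the read such as `# cache entry is the JWKS only (no auth_origin)`. `fetch_jwks` continues outside the hunk.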