From 710981ecbaebd3466708f5a524f63073dd386bbe Mon Sep 17 00:00:00 2001
From: Melissa Autumn
Date: Mon, 8 Jan 2024 12:48:59 -0800
Subject: [PATCH] Specify the audience for fxa webhooks.
---
 backend/src/appointment/dependencies/fxa.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/backend/src/appointment/dependencies/fxa.py b/backend/src/appointment/dependencies/fxa.py
index de6762f7f..dbd42632b 100644
--- a/backend/src/appointment/dependencies/fxa.py
+++ b/backend/src/appointment/dependencies/fxa.py
@@ -47,7 +47,7 @@ def get_webhook_auth(request: Request, fxa_client: FxaClient = Depends(get_fxa_c
 logging.error(f"Error decoding token. Key ID ({headers.get('kid')}) is missing from public list.")
 return None
- decoded_jwt = jwt.decode(header_token, jwk_pem, algorithms='RS256')
+ decoded_jwt = jwt.decode(header_token, jwk_pem, audience=fxa_client.client_id, algorithms='RS256')
 # Final verification
 if decoded_jwt.get('iss') != fxa_client.config.issuer:
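Review bot: The new `audience=` argument on the `jwt.decode` line adds a failure mode (an audience mismatch, alongside a bad signature or an expired token) that raises from the decode call, and no handler is visible in this hunk. get_webhook_auth starts and continues outside the hunk, so confirm the call is wrapped so that a rejected token is logged and returns None like the missing-`kid` branch, rather than surfacing as an unhandled error. The algorithm allow-list would be more robust as a list, `algorithms=['RS256']`, since a bare string relies on how the JWT library treats non-list values. The manual `iss` comparison that follows could be handed to the same call with `issuer=fxa_client.config.issuer`, which keeps the claim checks in one place. Presumably `fxa_client.client_id` is always set at this point; if it can be None, the audience check's behaviour depends on the library and is worth an explicit guard.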