From f84b606506f6082581e4bb1983dd31bb1f9ffbd9 Mon Sep 17 00:00:00 2001
From: David Fry <david@infitx.com>
Date: Thu, 1 Aug 2024 18:52:50 +0200
Subject: [PATCH] add extra auth audience (#2350)

---
 management/server/config.go | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/management/server/config.go b/management/server/config.go
index 3e5ff1eaf..4efe4fe74 100644
--- a/management/server/config.go
+++ b/management/server/config.go
@@ -56,6 +56,10 @@ type Config struct {
 func (c Config) GetAuthAudiences() []string {
 	audiences := []string{c.HttpConfig.AuthAudience}
 
+	if c.HttpConfig.ExtraAuthAudience != "" {
+		audiences = append(audiences, c.HttpConfig.ExtraAuthAudience)
+	}
+
 	if c.DeviceAuthorizationFlow != nil && c.DeviceAuthorizationFlow.ProviderConfig.Audience != "" {
 		audiences = append(audiences, c.DeviceAuthorizationFlow.ProviderConfig.Audience)
 	}
@@ -90,6 +94,8 @@ type HttpServerConfig struct {
 	OIDCConfigEndpoint string
 	// IdpSignKeyRefreshEnabled identifies the signing key is currently being rotated or not
 	IdpSignKeyRefreshEnabled bool
+	// Extra audience
+	ExtraAuthAudience string
 }
 
 // Host represents a Wiretrustee host (e.g. STUN, TURN, Signal)