From 4770b405ba1e8147597e516ee6708615ec0293c7 Mon Sep 17 00:00:00 2001
From: Mariano Cano
Date: Mon, 18 Apr 2022 15:18:23 -0700
Subject: [PATCH] Drop any query string from the admin tokens

This commit makes sure the admin token audience is passed without a query string (or any fragment).
---
 ca/adminClient.go | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/ca/adminClient.go b/ca/adminClient.go
index c3ba666f..72f62dd8 100644
--- a/ca/adminClient.go
+++ b/ca/adminClient.go
@@ -90,6 +90,13 @@ func (c *AdminClient) generateAdminToken(aud *url.URL) (string, error) {
 return "", err
 }

+ // Drop any query string parameter from the token audience
+ aud = &url.URL{
+ Scheme: aud.Scheme,
+ Host: aud.Host,
+ Path: aud.Path,
+ }
+
 now := time.Now()
 tokOptions := []token.Options{
 token.WithJWTID(jwtID),
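Review bot: The rebuilt `aud` copies only `Scheme`, `Host` and `Path`, so `RawPath` is lost and a path with escaped segments (for example `%2F`) would be re-encoded from the decoded `Path` when the audience is later serialised, presumably via `aud.String()`; if the server compares the audience with the escaped request path, such tokens would stop matching. Adding `RawPath: aud.RawPath,` to the literal keeps the original encoding while still dropping the query, fragment and userinfo. The comment also understates what is removed; something like `// Keep only scheme, host and path: query, fragment and userinfo are not part of the token audience` would match the code. `aud` is dereferenced without a nil check in the visible lines, and generateAdminToken starts and ends outside the hunk, so whether a nil audience can reach this point cannot be confirmed from here.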