From 7bfd43446a7a43a3ba2e0b9b5bdd9a9c7bbf70b8 Mon Sep 17 00:00:00 2001
From: max furman <mx.furman@gmail.com>
Date: Mon, 2 Dec 2019 19:11:27 -0500
Subject: [PATCH] wip

---
 authority/provisioner/jwk.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/authority/provisioner/jwk.go b/authority/provisioner/jwk.go
index c47960f9..5fc229f1 100644
--- a/authority/provisioner/jwk.go
+++ b/authority/provisioner/jwk.go
@@ -122,7 +122,8 @@ func (p *JWK) authorizeToken(token string, audiences []string) (*jwtPayload, err
 	}
 
 	if claims.Subject == "" {
-		return nil, errors.New("token subject cannot be empty")
+		return nil, errors.Errorf("invalid token: invalid audience claim (aud); want %s, but got %s",
+			audiences, claims.Audience)
 	}
 
 	return &claims, nil