requirePrivateKeyJwt
fun ClientAuthentication.requirePrivateKeyJwt(requiredAudience: String, maxLifetimeSeconds: Long, additionalAcceptedAudience: String? = null): PrivateKeyJWT
TODO: We currently accept multiple audiences for backwards compatibility, as updates to RFC7523 are pending. Relevant excerpts:
The JWT MUST contain an aud (audience) claim containing the issuer identifier [RFC8414] of the authorization server as its sole value.
Unlike the aud value specified in [RFC7523], there MUST be no value other than the issuer identifier of the intended authorization server used as the audience of the JWT; this includes that the token endpoint URL of the authorization server MUST NOT be used as an audience value.
The authorization server MUST reject any JWT that does not contain its issuer identifier as its sole audience value.
See RFC7523bis for details. Compliance with the RFC will require breaking changes.
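The sole-audience rule quoted above, set beside a lenient check, as an added example that is not this library's implementation. The function names, the sample URLs and the lenient rule itself (any listed audience matching `requiredAudience` or `additionalAcceptedAudience`) are assumptions made for illustration.

```kotlin
// Added example: hypothetical helpers, not part of the documented API.

/** Normalises a decoded `aud` claim; RFC 7519 allows a single string or an array of strings. */
fun audienceValues(aud: Any?): List<String>? = when (aud) {
    is String -> listOf(aud)
    is List<*> -> if (aud.all { it is String }) aud.map { it as String } else null
    else -> null // missing or malformed claim
}

/** Strict rule from the excerpts: the issuer identifier must be the sole audience value. */
fun isSoleAudience(aud: Any?, issuer: String): Boolean =
    audienceValues(aud) == listOf(issuer)

/** Lenient rule (assumed): at least one listed audience is an accepted value. */
fun isAcceptedLenient(aud: Any?, required: String, additional: String? = null): Boolean {
    val accepted = setOfNotNull(required, additional)
    return audienceValues(aud)?.any { it in accepted } ?: false
}

fun main() {
    val issuer = "https://as.example.com"              // constructed issuer identifier
    val tokenEndpoint = "https://as.example.com/token" // constructed token endpoint URL

    // Constructed `aud` values as they would appear after JSON decoding.
    val samples: List<Pair<String, Any?>> = listOf(
        "issuer only (string)" to issuer,
        "issuer only (array)" to listOf(issuer),
        "token endpoint only" to tokenEndpoint,
        "issuer + token endpoint" to listOf(issuer, tokenEndpoint),
        "issuer + other server" to listOf(issuer, "https://other-as.example.net"),
        "missing aud" to null,
    )
    for ((label, aud) in samples) {
        val strict = isSoleAudience(aud, issuer)
        val lenient = isAcceptedLenient(aud, issuer, tokenEndpoint)
        println("%-24s strict=%-5s lenient=%s".format(label, strict, lenient))
    }
}
```

The rows where the two columns differ are the assertions that the breaking change would start rejecting: a token endpoint URL used as the audience, and any audience list that names more than the issuer identifier.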