Hi Travis – can you expand on what you mean by re-audience a token? I have a design problem I’m trying to solve and this might align. Essentially, I have a web application backed by a microservices platform. The user never directly interfaces with the API but I want their identity (access token) to be used in API calls to perform scope/authorization check. The problem seems to be that the access token issued during the authentication process contains an audience set to the clientID of the webapp. I would like to “re-audience” this access token and pass it to the API services but I’m unclear how this should work. I don’t want to simply disable the AUD check at the API level. Thoughts or references?