From b1fcc7f7ae1795d609a1b8f18e8ebfdd23342557 Mon Sep 17 00:00:00 2001
From: Derrick Hammer
Date: Wed, 20 Mar 2024 13:52:25 -0400
Subject: [PATCH] refactor: if the token doesn't match our purpose only error if EmptyAllowed is off
---
 api/middleware/middleware.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/api/middleware/middleware.go b/api/middleware/middleware.go
index df87d90..b481326 100644
--- a/api/middleware/middleware.go
+++ b/api/middleware/middleware.go
@@ -129,7 +129,9 @@ func AuthMiddleware(options AuthMiddlewareOptions) func(http.Handler) http.Handl
 aud, _ := claim.GetAudience()
 if options.Purpose != account.JWTPurposeNone && slices.Contains[jwt.ClaimStrings, string](aud, string(options.Purpose)) == false {
- return account.ErrJWTInvalid
+ if !options.EmptyAllowed {
+ return account.ErrJWTInvalid
+ }
 }
 return nil
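Review bot: With `options.EmptyAllowed` set, a token whose audience does not contain `options.Purpose` now falls through to `return nil`, so this callback reports a wrong-purpose token as valid rather than as absent. The enclosing function starts and ends outside the hunk, but if the code after it attaches the token's subject or claims to the request, a JWT issued for some other purpose would be honoured as an identity on every EmptyAllowed route. That is broader than "a missing token is acceptable". If anonymous fallback is the intent, keep `return account.ErrJWTInvalid` here and apply the `EmptyAllowed` check where the verification error is handled, so the mismatched token's identity is never used. If the fall-through is deliberate, document it on the new branch with something like `// EmptyAllowed: wrong-audience token tolerated; caller must treat the request as unauthenticated`, and consider handling the error discarded by `aud, _ := claim.GetAudience()`.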