verify audience in jwt

src/risotto/http.py

@@ -193,7 +193,6 @@ def gen_token(auth):
                 'iss': issuer,
                 'aud': audience
               }
-    
     token = jwt.encode(payload, secret, algorithm='HS256')
     return token
 
@@ -210,8 +209,7 @@ def access_token(request):
         token = jwt.encode(decoded, secret, algorithm='HS256')
         return Response(text=str(token.decode('utf-8')))
     else:
-        return HTTPUnauthorized(reason='Token could not be refreshed')
+        return HTTPUnauthorized(reason='Token could not be verified')
-    return True
 
 def verify_token(token):
     secret = get_config()['jwt']['secret']