api_key shouldn't count as an issuer for audience purposes
Closed this issue · 0 comments
inklesspen commented
In 4.7.0, OpenAPI generation raises a 'audiences must be a dict when third-party issuers are in use' exception if non-Google Auth issuers are in use. However, api_key is technically treated as an issuer, even though it's a different kind of security control. Ignore api_key for these purposes.