From 9caadbb3411de3c2e3e1619297e3776f322115ea Mon Sep 17 00:00:00 2001
From: max furman <mx.furman@gmail.com>
Date: Mon, 2 Dec 2019 19:11:27 -0500
Subject: [PATCH] Fix authority calling wrong revoke method

---
 authority/authorize.go       | 4 ++--
 authority/provisioner/jwk.go | 3 ++-
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/authority/authorize.go b/authority/authorize.go
index db2b2414..3353c6b1 100644
--- a/authority/authorize.go
+++ b/authority/authorize.go
@@ -77,7 +77,7 @@ func (a *Authority) authorizeToken(ctx context.Context, ott string) (provisioner
 		if reuseKey, err := p.GetTokenID(ott); err == nil {
 			ok, err := a.db.UseToken(reuseKey, ott)
 			if err != nil {
-				return nil, &apiError{errors.Wrap(err, "authorizeToken: failed when checking if token already used"),
+				return nil, &apiError{errors.Wrap(err, "authorizeToken: failed when attempting to store token"),
 					http.StatusInternalServerError, errContext}
 			}
 			if !ok {
@@ -163,7 +163,7 @@ func (a *Authority) authorizeRevoke(ctx context.Context, token string) error {
 	if err != nil {
 		return &apiError{errors.Wrap(err, "authorizeRevoke"), http.StatusUnauthorized, errContext}
 	}
-	if err = p.AuthorizeSSHRevoke(ctx, token); err != nil {
+	if err = p.AuthorizeRevoke(ctx, token); err != nil {
 		return &apiError{errors.Wrap(err, "authorizeRevoke"), http.StatusUnauthorized, errContext}
 	}
 	return nil
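Review bot: No regression test accompanies the switch from `AuthorizeSSHRevoke` to `AuthorizeRevoke` in `authorizeRevoke`; the diffstat lists only the two source files. Because the old call applied a different authorization method to this path, a test that drives `authorizeRevoke` with a provisioner whose two methods return different results would catch the mix-up if it comes back. A short comment above the call would also help, e.g. `// X.509 revocation path: use AuthorizeRevoke, not AuthorizeSSHRevoke`, assuming this function serves the non-SSH revoke path as the method names suggest. The function body starts outside the hunk.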
diff --git a/authority/provisioner/jwk.go b/authority/provisioner/jwk.go
index c47960f9..fa61ee2c 100644
--- a/authority/provisioner/jwk.go
+++ b/authority/provisioner/jwk.go
@@ -118,7 +118,8 @@ func (p *JWK) authorizeToken(token string, audiences []string) (*jwtPayload, err
 
 	// validate audiences with the defaults
 	if !matchesAudience(claims.Audience, audiences) {
-		return nil, errors.New("invalid token: invalid audience claim (aud)")
+		return nil, errors.Errorf("invalid token: invalid audience claim (aud); want %s, but got %s",
+			audiences, claims.Audience)
 	}
 
 	if claims.Subject == "" {
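Review bot: The new error in `authorizeToken` formats `claims.Audience`, which is taken from the presented token, with `%s`, and it also puts the configured `audiences` list into the message. If this text reaches logs or the API response (whether it does is not visible here), control characters such as newlines in the token's `aud` value could forge log lines, and the expected audiences would be disclosed to a caller who failed authorization. Quoting both values keeps the debugging benefit: `errors.Errorf("invalid token: invalid audience claim (aud); want %q, but got %q", audiences, claims.Audience)`. Consider returning the generic message to the client and recording the detailed one server-side only. The function body starts and ends outside the hunk.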