Datasleek

> > > A sufficient number of JWT validation checks is being performed in the [`msal.oauth2cli.oidc.decode_id_token()`](https://github.com/AzureAD/microsoft-authentication-library-for-python/blob/02686350a0b023d610b1d7a7249a3bb9c275ced7/msal/oauth2cli/oidc.py#L31), which is called upon adding tokens into `TokenCache`: [token_cache.py:137](https://github.com/AzureAD/microsoft-authentication-library-for-python/blob/02686350a0b023d610b1d7a7249a3bb9c275ced7/msal/token_cache.py#L137). But these checks do not...

> > > > A sufficient number of JWT validation checks is being performed in the [`msal.oauth2cli.oidc.decode_id_token()`](https://github.com/AzureAD/microsoft-authentication-library-for-python/blob/02686350a0b023d610b1d7a7249a3bb9c275ced7/msal/oauth2cli/oidc.py#L31), which is called upon adding tokens into `TokenCache`: [token_cache.py:137](https://github.com/AzureAD/microsoft-authentication-library-for-python/blob/02686350a0b023d610b1d7a7249a3bb9c275ced7/msal/token_cache.py#L137). But these checks do...

> > > Hi @datasleek, as per [documentation](https://docs.microsoft.com/en-us/azure/active-directory/develop/id-tokens#payload-claims), the audience "aud" claim in ID token is either Application (client) ID or Application ID URI, e.g.: > > ``` > '3513283e-1abe-420c-8de0-7415d2d26ae0'...