Unable to log in via OIDC/Authentik: InvalidAudienceError (k8s)

[stblassitude]

I've successfully configured OIDC with social_core.backends.open_id_connect.OpenIdConnectAuth using the documentation, and I do get back to NetBox from my IdP (Authentik), but I then get a 500 with:

<class 'jwt.exceptions.InvalidAudienceError'>

Audience doesn't match

Python version: 3.12.3
NetBox version: 4.4.1-Docker-3.4.1
Plugins: None installed

I do not get any log output in the pod, only the 500 access log entry.

My understanding is that this exception is thrown by PyJWT when the aud attribute in the token does not match what the caller passed. Social Login is passing the client ID, so that should be correct.

I have a few questions:

• Why is this happening? As far as I can tell, the aud attribute returned in the token will be the client ID.
• How can I get debug info? I can't see what the token response actually is (or even which token is being requested, or what the invalid aud attribute is. I have read through the Social Login docs, but I can't seem to find a debug log or similar?
• Can I enable logging to the pod logs after the app has started up? Or why am I not seeing the exception in the pod log?