Separate two cases for validation of aud claim.

src/buffoonery/auth.nim

@@ -136,10 +136,13 @@ proc validateJWT*(ctx: ApiAuthContext, jwt: JWT) =
 
     if jwt.header.alg.isNone: failAuth "Missing 'alg' header property."
 
-    if jwt.claims.aud.isNone or
-       not ctx.validAudiences.contains(jwt.claims.aud.get):
+    if jwt.claims.aud.isNone: failAuth "Missing 'aud' claim."
+
+    if not ctx.validAudiences.contains(jwt.claims.aud.get):
+      log.debug(
+        "Valid audiences: $#\ttoken audience: $#" %
+        [$ctx.validAudiences, jwt.claims.aud.get])
       failAuth "JWT is not for us (invalid audience)."
-      failAuth "Issuer is trusted, but the token is not for the expected audience."
 
     let signingAlgorithm = jwt.header.alg.get