From 7844ca678c4b5b7408a54a12667d4c3e195056fd Mon Sep 17 00:00:00 2001
From: Kenny Leung <k4leung4@gmail.com>
Date: Fri, 20 Sep 2024 13:06:22 -0700
Subject: [PATCH] set audience correctly, no https (#1313)

---
 pkg/apk/auth/auth.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkg/apk/auth/auth.go b/pkg/apk/auth/auth.go
index 62a100ae7..b2af1e299 100644
--- a/pkg/apk/auth/auth.go
+++ b/pkg/apk/auth/auth.go
@@ -17,9 +17,9 @@ var DefaultAuthenticators Authenticator = multiAuthenticator{
 	// First, we'll try to use the HTTP_AUTH environment variable if it's set.
 	EnvAuth{},
 	// If both of these envs are set, we'll try to use the k8s token first.
-	NewK8sAuth(os.Getenv("K8S_TOKEN_PATH"), os.Getenv("CHAINGUARD_IDENTITY"), "https://issuer.enforce.dev", "https://apk.cgr.dev"),
+	NewK8sAuth(os.Getenv("K8S_TOKEN_PATH"), os.Getenv("CHAINGUARD_IDENTITY"), "https://issuer.enforce.dev", "apk.cgr.dev"),
 	// If only the identity env is set, and k8s auth didn't work, we'll try to use exchanged GCP auth.
-	NewChainguardIdentityAuth(os.Getenv("CHAINGUARD_IDENTITY"), "https://issuer.enforce.dev", "https://apk.cgr.dev"),
+	NewChainguardIdentityAuth(os.Getenv("CHAINGUARD_IDENTITY"), "https://issuer.enforce.dev", "apk.cgr.dev"),
 	// If nothing has worked yet, we'll try to use chainctl.
 	CGRAuth{},
 }