diff --git a/internal/client.go b/internal/client.go
index dabc734..238431a 100644
--- a/internal/client.go
+++ b/internal/client.go
@@ -44,7 +44,8 @@ func (client *Client) BuildAuthorizationUrl(authEndpoint string, state string, r
 "&redirect_uri=" + util.URLEscape(strings.Join(client.RedirectUris, ",")) +
 "&response_type=" + responseType +
 "&state=" + state +
- "&scope=" + strings.Join(scope, "+")
+ "&scope=" + strings.Join(scope, "+") +
+ "&audience=http://127.0.0.1:4444/oauth2/token"
 }
 func (client *Client) InitiateLoginFlow(loginUrl string) error {
@@ -181,14 +182,14 @@ func (client *Client) AddTrustedIssuer(remoteUrl string, idp *oidc.IdentityProvi
 quotedScopes[i] = fmt.Sprintf("\"%s\"", s)
 }
 // NOTE: Can also include "jwks_uri" instead
- data := []byte(fmt.Sprintf(`{
- "allow_any_subject": false,
- "issuer": "%s",
- "subject": "%s",
- "expires_at": "%v",
- "jwk": %v,
- "scope": [ %s ]
- }`, idp.Issuer, subject, time.Now().Add(duration).Format(time.RFC3339), string(jwkstr), strings.Join(quotedScopes, ",")))
+ data := []byte(fmt.Sprintf("{"+
+ "\"allow_any_subject\": false,"+
+ "\"issuer\": \"%s\","+
+ "\"subject\": \"%s\","+
+ "\"expires_at\": \"%v\","+
+ "\"jwk\": %v,"+
+ "\"scope\": [ %s ]"+
+ "}", idp.Issuer, subject, time.Now().Add(duration).Format(time.RFC3339), string(jwkstr), strings.Join(quotedScopes, ",")))
 fmt.Printf("%v\n", string(data))
 req, err := http.NewRequest("POST", remoteUrl, bytes.NewBuffer(data))
diff --git a/internal/login.go b/internal/login.go
index d4e3f12..7e7f7b0 100644
--- a/internal/login.go
+++ b/internal/login.go
@@ -101,7 +101,7 @@ func Login(config *Config) error {
 }()
 // use code from response and exchange for bearer token (with ID token)
- tokenString, err := client.FetchTokenFromAuthenticationServer(
+ bearerToken, err := client.FetchTokenFromAuthenticationServer(
 code,
 idp.Endpoints.Token,
 config.State,
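Review bot: The new `"&audience=http://127.0.0.1:4444/oauth2/token"` term is appended verbatim, whereas `redirect_uri` two lines above goes through `util.URLEscape`; the `:` and `/` in the value are not percent-encoded, and the value itself is a loopback address baked into a library method, so every caller of BuildAuthorizationUrl requests an audience that only matches a local token server. Prefer `"&audience=" + util.URLEscape(audience)` with the audience supplied from the client's configuration rather than a string literal. Because the resulting `aud` claim is what resource servers compare against, a hard-coded value silently breaks any non-local deployment, so it belongs with the other per-deployment settings such as RedirectUris. BuildAuthorizationUrl's signature and the start of the concatenation are outside the hunk.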
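Review bot: `idp.Issuer` and `subject` are spliced into the JSON body with `%s` and no escaping, so a value containing `"` or `\` yields invalid JSON or injects extra fields into the trust-relationship request; the commit only changes how the template is concatenated and keeps that behaviour. Build the body with `json.Marshal` over a map or small struct (using `json.RawMessage` for the pre-encoded `jwkstr`) so the encoder handles quoting, which also makes the hand-built `quotedScopes` array unnecessary; add `encoding/json` to client.go's imports if it is not already there. The unconditional `fmt.Printf("%v\n", string(data))` on the following context line dumps the full request body to stdout and reads like a leftover debug print; remove it or put it behind a verbose option. AddTrustedIssuer starts outside the hunk, so whether a marshal error can be returned directly is inferred from the `req, err :=` line below.
```go
	// … unchanged: duration / jwkstr computation …
	body := map[string]any{
		"allow_any_subject": false,
		"issuer":            idp.Issuer,
		"subject":           subject,
		"expires_at":        time.Now().Add(duration).Format(time.RFC3339),
		"jwk":               json.RawMessage(jwkstr), // assumes jwkstr is already JSON, as string(jwkstr) was spliced in verbatim
		"scope":             scopes,                  // placeholder: the slice the quotedScopes loop ranges over
	}
	data, err := json.Marshal(body)
	if err != nil {
		return err // handle the same way the existing http.NewRequest error is handled
	}
	// … unchanged: http.NewRequest("POST", remoteUrl, bytes.NewBuffer(data)) …
```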
@@ -112,7 +112,7 @@ func Login(config *Config) error {
 // unmarshal data to get id_token and access_token
 var data map[string]any
- err = json.Unmarshal([]byte(tokenString), &data)
+ err = json.Unmarshal([]byte(bearerToken), &data)
 if err != nil || data == nil {
 return fmt.Errorf("failed to unmarshal token: %v", err)
 }
@@ -123,30 +123,43 @@ func Login(config *Config) error {
 if err != nil {
 fmt.Printf("failed to parse ID token: %v\n", err)
 } else {
- fmt.Printf("token: %v\n", idToken)
+ fmt.Printf("id_token: %v\n", idToken)
 if config.DecodeIdToken {
 if err != nil {
 fmt.Printf("failed to decode JWT: %v\n", err)
 } else {
- fmt.Printf("id_token.header: %s\nid_token.payload: %s\n", string(idJwtSegments[0]), string(idJwtSegments[1]))
+ for i, segment := range idJwtSegments {
+ // don't print last segment (signatures)
+ if i == len(idJwtSegments)-1 {
+ break
+ }
+ fmt.Printf("%s\n", string(segment))
+ }
 }
 }
 }
 // extract the access token to get the scopes
- // accessToken := data["access_token"].(string)
- // accessJwtSegments, err := util.DecodeJwt(accessToken)
- // if err != nil || len(accessJwtSegments) <= {
- // fmt.Printf("failed to parse access token: %v\n", err)
- // } else {
- // if config.DecodeIdToken {
- // if err != nil {
- // fmt.Printf("failed to decode JWT: %v\n", err)
- // } else {
- // fmt.Printf("access_token.header: %s\naccess_token.payload: %s\n", string(accessJwtSegments[0]), string(accessJwtSegments[1]))
- // }
- // }
- // }
+ accessToken := data["access_token"].(string)
+ accessJwtSegments, err := util.DecodeJwt(accessToken)
+ if err != nil || len(accessJwtSegments) <= 0 {
+ fmt.Printf("failed to parse access token: %v\n", err)
+ } else {
+ fmt.Printf("access_token: %v\n", accessToken)
+ if config.DecodeIdToken {
+ if err != nil {
+ fmt.Printf("failed to decode JWT: %v\n", err)
+ } else {
+ for i, segment := range accessJwtSegments {
+ // don't print last segment (signatures)
+ if i == len(accessJwtSegments)-1 {
+ break
+ }
+ fmt.Printf("%s\n", string(segment))
+ }
+ }
+ }
+ }
 // extract the scope from access token claims
 // var scope []string
diff --git a/internal/oauth/oauth.go b/internal/oauth/oauth.go
deleted file mode 100644
index 3bd7ed0..0000000
--- a/internal/oauth/oauth.go
+++ /dev/null
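Review bot: `accessToken := data["access_token"].(string)` is an unchecked type assertion on a value decoded from the token endpoint's response; when the server returns an error document (no `access_token`, or a non-string value) this panics inside Login instead of returning an error. Use the two-value form, `accessToken, ok := data["access_token"].(string)` followed by `if !ok { return fmt.Errorf("token response has no access_token") }`. Two smaller points in the same block: the inner `if err != nil` is unreachable because the enclosing `else` already established `err == nil` (the id_token block above, which the commit also touches, has the same dead branch), and `len(accessJwtSegments) <= 0` lets a one-segment result through with nothing to print, so `< 2` would match what the loop expects, assuming `util.DecodeJwt` returns header, payload and signature in that order. `fmt.Printf("access_token: %v\n", accessToken)` also writes the bearer credential itself to stdout unconditionally; the decoded header and payload already give the diagnostic value, so gate the raw token behind an explicit option or drop it, since stdout routinely ends up in shell history and CI logs. Login starts and ends outside this hunk.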
@@ -1,15 +0,0 @@
-package oauth
-
-type Client struct {
- Id string `yaml:"id"`
- Secret string `yaml:"secret"`
- RedirectUris []string `yaml:"redirect-uris"`
-}
-
-func NewClient() *Client {
- return &Client{
- Id: "",
- Secret: "",
- RedirectUris: []string{""},
- }
-}