diff --git a/internal/client.go b/internal/client.go
index 024ad9f..781151c 100644
--- a/internal/client.go
+++ b/internal/client.go
@@ -208,8 +208,9 @@ func (client *Client) AddTrustedIssuer(remoteUrl string, idp *oidc.IdentityProvi
 return io.ReadAll(res.Body)
 }
-func (client *Client) RegisterOAuthClient(registerUrl string, audience string) ([]byte, error) {
+func (client *Client) RegisterOAuthClient(registerUrl string, audience []string) ([]byte, error) {
 // hydra endpoint: POST /clients
+ audience = util.QuoteArrayStrings(audience)
 data := []byte(fmt.Sprintf(`{
 "client_name": "%s",
 "client_secret": "%s",
@@ -217,8 +218,8 @@ func (client *Client) RegisterOAuthClient(registerUrl string, audience string) (
 "scope": "openid email profile",
 "grant_types": ["client_credentials", "urn:ietf:params:oauth:grant-type:jwt-bearer"],
 "response_types": ["token"],
- "audience": ["%s"]
- }`, client.Id, client.Secret, audience))
+ "audience": [%s]
+ }`, client.Id, client.Secret, strings.Join(audience, ",")))
 req, err := http.NewRequest("POST", registerUrl, bytes.NewBuffer(data))
 if err != nil {
diff --git a/internal/login.go b/internal/login.go
index 89f400b..0beb0c5 100644
--- a/internal/login.go
+++ b/internal/login.go
@@ -7,6 +7,7 @@ import (
 "errors"
 "fmt"
 "net/http"
+ "reflect"
 "time"
 )
@@ -191,7 +192,7 @@ func Login(config *Config) error {
 // extract the subject from ID token claims
 var subject string
- var audience string
+ var audience []string
 var idJsonPayload map[string]any
 var idJwtPayload []byte = idJwtSegments[1]
 if idJwtPayload != nil {
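Review bot: In RegisterOAuthClient (internal/client.go, the `@@ -208` hunk together with the `@@ -217` hunk), the audience values are spliced into the JSON body with `%s` after `util.QuoteArrayStrings` has only wrapped them in quotes, so a value containing `"` or `\` is not escaped and can change the structure of the registration request sent to the hydra endpoint. In Login these values are read from the ID token's `aud` claim, so they should be handled as untrusted input. Encoding the list with the standard encoder, `audJSON, err := json.Marshal(audience)` followed by `"audience": %s` with `audJSON` as the argument, removes the need for the quoting helper and `strings.Join`; this assumes `encoding/json` is available in client.go's imports, which are not visible here. `client.Id` and `client.Secret` pass through the same `%s` interpolation and would benefit from the same encoding. The function body continues outside both hunks.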
@@ -200,7 +201,13 @@ func Login(config *Config) error {
 return fmt.Errorf("failed to unmarshal JWT: %v", err)
 }
 subject = idJsonPayload["sub"].(string)
- audience = idJsonPayload["aud"].(string)
+ audType := reflect.ValueOf(idJsonPayload["aud"])
+ switch audType.Kind() {
+ case reflect.String:
+ audience = append(audience, idJsonPayload["aud"].(string))
+ case reflect.Array:
+ audience = idJsonPayload["aud"].([]string)
+ }
 } else {
 return fmt.Errorf("failed to extract subject from ID token claims")
 }
diff --git a/internal/util/util.go b/internal/util/util.go
index ff08438..4ba8156 100644
--- a/internal/util/util.go
+++ b/internal/util/util.go
@@ -100,3 +100,10 @@ func Tokenize(s string) map[string]any {
 return tokens
 }
+
+func QuoteArrayStrings(arr []string) []string {
+ for i, v := range arr {
+ arr[i] = "\"" + v + "\""
+ }
+ return arr
+}
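Review bot: The `case reflect.Array` branch in Login (internal/login.go, `@@ -200` hunk) cannot match. Assuming the payload is decoded with encoding/json into the `map[string]any`, a JSON array arrives as `[]interface{}`, whose kind is `reflect.Slice`, and the `.([]string)` assertion would panic on that value in any case. As written, a token with a multi-valued `aud` leaves `audience` empty without any error, and that empty list is presumably what is then passed on to client registration. A type switch on the claim handles both shapes without `reflect` (the import added in the `@@ -7` hunk then becomes unused) and lets a missing or non-string value fail explicitly. Login begins and ends outside this hunk.

```go
subject = idJsonPayload["sub"].(string)
switch aud := idJsonPayload["aud"].(type) {
case string:
	audience = append(audience, aud)
case []any:
	for _, v := range aud {
		s, ok := v.(string)
		if !ok {
			return fmt.Errorf("failed to read aud claim: non-string entry")
		}
		audience = append(audience, s)
	}
default:
	return fmt.Errorf("failed to read aud claim from ID token")
}
// … unchanged: else branch returning the subject-extraction error …
```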
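Review bot: QuoteArrayStrings (internal/util/util.go) writes the quoted values back into `arr`, so the caller's slice is modified as a side effect; in RegisterOAuthClient this means the `audience` slice handed in by the caller holds quoted strings after the call returns. Building the result in a new slice avoids that: `out := make([]string, len(arr))`, then `out[i] = "\"" + v + "\""` and `return out`. The exported function also lacks a doc comment; `// QuoteArrayStrings returns a copy of arr with each element wrapped in double quotes; elements are not escaped.` would make the no-escaping contract visible to callers.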