diff --git a/pkg/oidc/token.go b/pkg/oidc/token.go
index b06bc79..61267d7 100644
--- a/pkg/oidc/token.go
+++ b/pkg/oidc/token.go
@@ -277,10 +277,16 @@ func timeToJSON(t time.Time) int64 {
 return t.Unix()
 }
 
-func audienceFromJSON(audience interface{}) []string {
- switch aud := audience.(type) {
+func audienceFromJSON(i interface{}) []string {
+ switch aud := i.(type) {
 case []string:
 return aud
+ case []interface{}:
+ audience := make([]string, len(aud))
+ for i, a := range aud {
+ audience[i] = a.(string)
+ }
+ return audience
 case string:
 return []string{aud}
 }
diff --git a/pkg/rp/default_rp.go b/pkg/rp/default_rp.go
index 6c9208d..3a830bb 100644
--- a/pkg/rp/default_rp.go
+++ b/pkg/rp/default_rp.go
@@ -40,8 +40,9 @@ type DefaultRP struct {
 
 errorHandler func(http.ResponseWriter, *http.Request, string, string, string)
 
- verifier Verifier
- onlyOAuth2 bool
+ verifier Verifier
+ verifierOpts []ConfFunc
+ onlyOAuth2 bool
 }
 
 //NewDefaultRP creates `DefaultRP` with the given
@@ -79,7 +80,7 @@ func NewDefaultRP(rpConfig *Config, rpOpts ...DefaultRPOpts) (DelegationTokenExc
 }
 
 if p.verifier == nil {
- p.verifier = NewDefaultVerifier(rpConfig.Issuer, rpConfig.ClientID, NewRemoteKeySet(p.httpClient, p.endpoints.JKWsURL))
+ p.verifier = NewDefaultVerifier(rpConfig.Issuer, rpConfig.ClientID, NewRemoteKeySet(p.httpClient, p.endpoints.JKWsURL), p.verifierOpts...)
 }
 
 return p, nil
@@ -112,6 +113,12 @@ func WithHTTPClient(client *http.Client) DefaultRPOpts {
 }
 }
 
+func WithVerifierOpts(opts ...ConfFunc) DefaultRPOpts {
+ return func(p *DefaultRP) {
+ p.verifierOpts = opts
+ }
+}
+
 //AuthURL is the `RelayingParty` interface implementation
 //wrapping the oauth2 `AuthCodeURL`
 //returning the url of the auth request
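Review bot: The new `[]interface{}` case in audienceFromJSON uses the unchecked assertion `a.(string)`, which panics as soon as one element of the decoded `aud` array is not a string. The value comes from token JSON, so a malformed claim can take down the goroutine that parses it; whether this runs before signature verification is not visible in the hunk. Use the comma-ok form instead, `s, ok := a.(string)` followed by `if !ok { return nil }`, so a bad audience simply fails the later audience check. The renamed parameter `i` is also shadowed by the loop index in `for i, a := range aud`; a distinct name would read more clearly. The end of the function lies outside the hunk.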
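Review bot: WithVerifierOpts is exported without a doc comment and assigns `p.verifierOpts = opts`, so a second use of the option silently replaces the options given by the first. Prefer `p.verifierOpts = append(p.verifierOpts, opts...)` and a comment in the file's style such as `//WithVerifierOpts passes the given options to the default verifier`. In the NewDefaultRP hunk the options are only applied inside `if p.verifier == nil`, so they are dropped without notice when a verifier has already been set. Since these options presumably adjust token checks, that case should be documented or rejected rather than ignored.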