Hey there @TheRabber welcome to the community!
I unfortunately don’t have any experience with Gin Assuming you’re passing an audience in the original authorize request, you shouldn’t need to extract anything. The middleware should just be used to check for specific claims once you’ve successfully validated the access token.