diff --git a/sheepdog/blueprint/routes/views/__init__.py b/sheepdog/blueprint/routes/views/__init__.py
index b58c0094..a6585676 100644
--- a/sheepdog/blueprint/routes/views/__init__.py
+++ b/sheepdog/blueprint/routes/views/__init__.py
@@ -54,7 +54,11 @@ def get_programs():
         }
     """
     if flask.current_app.config.get("AUTH_SUBMISSION_LIST", True) is True:
-        auth.validate_request(aud={"openid"}, purpose=None)
+        auth.validate_request(
+            scope={"openid"},
+            audience=flask.current_app.config.get("BASE_URL"),
+            purpose=None,
+        )
     with flask.current_app.db.session_scope():
         programs = current_app.db.nodes(models.Program.name).all()
     links = [flask.url_for(".get_projects", program=p[0]) for p in programs]
diff --git a/sheepdog/blueprint/routes/views/program/__init__.py b/sheepdog/blueprint/routes/views/program/__init__.py
index 3bd32c5a..ad551f98 100644
--- a/sheepdog/blueprint/routes/views/program/__init__.py
+++ b/sheepdog/blueprint/routes/views/program/__init__.py
@@ -59,7 +59,11 @@ def get_projects(program):
         }
     """
     if flask.current_app.config.get("AUTH_SUBMISSION_LIST", True) is True:
-        auth.validate_request(aud={"openid"}, purpose=None)
+        auth.validate_request(
+            scope={"openid"},
+            audience=flask.current_app.config.get("BASE_URL"),
+            purpose=None,
+        )
     with flask.current_app.db.session_scope():
         matching_programs = flask.current_app.db.nodes(models.Program).props(
             name=program
diff --git a/sheepdog/blueprint/routes/views/program/project.py b/sheepdog/blueprint/routes/views/program/project.py
index e623d9b4..10f5ce31 100644
--- a/sheepdog/blueprint/routes/views/program/project.py
+++ b/sheepdog/blueprint/routes/views/program/project.py
@@ -132,7 +132,11 @@ def get_project_dictionary(program=None, project=None):
         403: Unauthorized request.
     """
     if flask.current_app.config.get("AUTH_SUBMISSION_LIST", True) is True:
-        auth.validate_request(aud={"openid"}, purpose=None)
+        auth.validate_request(
+            scope={"openid"},
+            audience=flask.current_app.config.get("BASE_URL"),
+            purpose=None,
+        )
     keys = list(dictionary.schema.keys()) + ["_all"]
     links = [
         flask.url_for(
@@ -228,7 +232,11 @@ def get_project_dictionary_entry(program, project, entry):
         403: Unauthorized request.
     """
     if flask.current_app.config.get("AUTH_SUBMISSION_LIST", True) is True:
-        auth.validate_request(aud={"openid"}, purpose=None)
+        auth.validate_request(
+            scope={"openid"},
+            audience=flask.current_app.config.get("BASE_URL"),
+            purpose=None,
+        )
     return get_dictionary_entry(entry)