diff --git a/shinyproxy/pep.js.j2 b/shinyproxy/pep.js.j2 index 0be3f5a..a71c8db 100644 --- a/shinyproxy/pep.js.j2 +++ b/shinyproxy/pep.js.j2 @@ -14,8 +14,6 @@ function enforce(r) { request: r } - var allowedcontexts = ["{{ shinyproxy_authorized_scopes }}"] - log(context, "Inside NJS enforce for " + r.method + " @ " + r.headersIn.host + "/" + r.uri) context.authn = {} context.authn.token = getBearerToken(context) @@ -26,7 +24,7 @@ function enforce(r) { .then(ctx=>{ const jwt = context.authn.verified_token debug(context, "[PEP] Token is valid:" + njs.dump(jwt)) - if(allowedcontexts.indexOf(jwt.aud) === -1){ + if(!checkAudience(context, jwt.aud)){ debug(context, "[PEP] Unathorized context " + jwt.aud) throw new Error("Unauthorized") } @@ -61,6 +59,11 @@ function getBearerToken(context){ return null; } +function checkAudience(context, aud){ + context.log("Audience to verify is " + njs.dump(aud)) + return true +} + function buildAccountingRecord(context){ const t = (new Date()).getTime() return { @@ -75,8 +78,8 @@ function buildAccountingRecord(context){ "serviceName": context.request.uri.split("app/")[1], "duration": 0, "maxInvocationTime": 0, - "scope": "{{ shinyproxy_authorized_scopes }}", - "host": "{{ shinyproxy_service_host }}", + "scope": context.verified_token.aud, + "host": icontext.request.host, "startTime": t, "id": uuid(), "calledMethod": context.request.method + " " + context.request.uri,
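Review bot: The new `if(!checkAudience(context, jwt.aud))` guard in the `.then` callback no longer rejects anything, because `checkAudience` as added in the third hunk only logs the value and returns `true`; the previous `allowedcontexts.indexOf(jwt.aud) === -1` comparison is gone and every token with a valid signature now passes regardless of its `aud`. Until the intended source of allowed audiences is wired in (the removed `["{{ shinyproxy_authorized_scopes }}"]` list, or whatever replaces it), the function should compare against it rather than return a constant, e.g. `const allowed = ["{{ shinyproxy_authorized_scopes }}"]` followed by `return (Array.isArray(aud) ? aud : [aud]).some(a => allowed.indexOf(a) !== -1)`, which also covers the case where `aud` is an array as JWT permits. If the stub is intentional for a work-in-progress, it should fail closed (`return false`) with a TODO rather than fail open. The enclosing `enforce` promise chain starts and ends outside this hunk.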
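Review bot: `context.log("Audience to verify is " + njs.dump(aud))` in the new `checkAudience` calls a method on `context`, but `context` is the plain object built in `enforce` (`request: r` is visible in the first hunk) and every other line in the file logs through the `log(context, ...)` and `debug(context, ...)` helpers; unless `context.log` is assigned somewhere not shown, this line throws a TypeError on the first call. That would make the whole `.then` reject, so the stub would fail closed by accident rather than by design, which is hard to reason about. Use the file's helper and tag the message like the neighbouring lines: `debug(context, "[PEP] Audience to verify is " + njs.dump(aud))`.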
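Review bot: `"host": icontext.request.host,` references `icontext`, which is not defined anywhere in the file, so building the accounting record throws a ReferenceError; the line above it, `"scope": context.verified_token.aud,` reads the token from `context.verified_token`, whereas the second hunk stores it at `context.authn.verified_token`, so this is likely a TypeError on `undefined.aud` as well. The request object is the nginx `r`, and the first hunk reads the host from `r.headersIn.host`, so `context.request.host` is probably not the right property either. Suggested lines: `"scope": context.authn.verified_token.aud,` and `"host": context.request.headersIn.host,`. `buildAccountingRecord` begins in the previous hunk and its `return {` object closes outside this one.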