We present and discuss Audience Injection Attacks on signature-based client authentication, in which an honest client is tricked into providing the attacker with a valid client credential for an honest authorization server.