As part of a recent formal analysis of an OAuth/OIDC-based protocol, we discovered Audience Injection Attacks, a new class of vulnerabilities affecting asymmetric signature-based client authentication. These attacks exploit weaknesses in client authentication to trick an honest client into generating a client assertion that is valid for an honest authorization server—allowing the attacker to impersonate the client and access user resources. In this talk, we present simple instances of audience injection attacks, analyze their root cause, and discuss how they can—and cannot—be mitigated.