handle secret hash for multiple issuers

lib/omniauth/jwt/version.rb

@@ -1,5 +1,5 @@
 module Omniauth
   module JWT
-    VERSION = "1.1.1"
+    VERSION = "1.2.0"
   end
 end

lib/omniauth/strategies/jwt.rb

@@ -65,6 +65,8 @@ def callback_phase
       def secret
         if options.secret.is_a?(String)
           options.secret
+        elsif options.secret.is_a?(Hash)
+          issuer_specific_secret
         else
           secret_lookup.secret
         end
@@ -77,6 +79,12 @@ def secret_lookup
       def uid_lookup
         @uid_lookup ||= options.uid_claim.new(request)
       end
+
+      def issuer_specific_secret
+        unverified_token = ::JWT.decode(request.params['jwt'], nil, false)[0]
+        iss = unverified_token['iss']
+        options.secret[iss]
+      end
     end
 
     class Jwt < JWT; end

spec/lib/omniauth/strategies/jwt_spec.rb

@@ -92,5 +92,17 @@ def uid(decoded)
         expect(last_response.status).to eq(302)
       end
     end
+
+    describe 'secret' do
+      context 'multiple issuers' do
+        let(:args) { [{ issuer_1: 'secret_1', issuer_2: 'secret_2' }, {auth_url: 'http://example.com/login'}] }
+
+        it 'should assign the uid' do
+          encoded = JWT.encode({name: 'Steve', email: 'dude@awesome.com', iss: 'issuer_1'}, 'secret_1')
+          get '/auth/jwt/callback?jwt=' + encoded
+          expect(response_json["uid"]).to eq('dude@awesome.com')
+        end
+      end
+    end
   end
 end