Multiple authorized issuer

[antzo]

Changes

• Auth0Service now can handle multiple authorized_issuer

This is a non-breaking change that allows the original string definition for jwt_auth.authorized_issuer to continue working.

Testing

[x] All existing tests complete without errors

[joshcanhelp]

@antzo - Thank you for the PR here! Can you explain what your use case is for having multiple allowed ID token issuers?

[antzo]

@joshcanhelp Of course! In my use case I have two applications:

a) iOS client that is consuming an API with example.domain.com token issuer
b) Android client which is also consuming an API with eu.domain.com token issuer

In this case I have to maintain the compatibility with both app's till the b) app changes to the new token issuer.

Seems like the auth0-php library is implementing authorized_iss as array for the RS256 so I thought can be a good addition to the bundle, btw thanks for create it.

[antzo]

Let me know if you want me to add some unit tests but I think that is enough with the current suite

[joshcanhelp]

@antzo - Thank you for the details here, that's helpful.

The next major version of the PHP SDK will actually remove the ability to set a custom issuer, single or multiple. But that change was made because we're improving our compliance with the OIDC specifications, which is centered around ID tokens, not access tokens. Unfortunately, those two concepts are conflated in the SDK, making for situations like this.

I'm going to approve this for now since this bundle will need to do what you're asking for here and it's pinned at the major level for the SDK.

[joshcanhelp]

❯ snyk test

Testing /Users/joshcanhelp/Sites/jwt-auth-bundle...

Organization:      auth0-sdks
Package manager:   composer
Target file:       composer.lock
Open source:       no
Project path:      /Users/josh-cunningham/Sites/jwt-auth-bundle
Licenses:          enabled

✓ Tested 35 dependencies for known issues, no vulnerable paths found.

[darthf1]

@joshcanhelp @antzo this PR introduced a BC.

!!
!!  In BaseNode.php line 511:
!!
!!    A dynamic value is not compatible with a "Symfony\Component\Config\Definiti
!!    on\PrototypedArrayNode" node type at path "jwt_auth.authorized_issuer".
!!
!!
!!

jwt_auth:
  domain: "%env(resolve:AUTH0_DOMAIN)%"
  authorized_issuer: "%env(resolve:AUTH0_AUTHORIZED_ISSUER)%"
  api_identifier: "%env(resolve:AUTH0_AUDIENCE)%"

had to be changed to:

jwt_auth:
  domain: "%env(resolve:AUTH0_DOMAIN)%"
  authorized_issuer:
    - "%env(resolve:AUTH0_AUTHORIZED_ISSUER)%"
  api_identifier: "%env(resolve:AUTH0_AUDIENCE)%"

[joshcanhelp]

@darthf1 - What was the value of authorized_issuer for you? I believe the intent here was to handle both strings and arrays.

[antzo]

@darthf1 You are right. I just send a PR to fix the problem

#89