With a custom domain, JWKs aren't being fetched from the correct domain #790

Closed
drobin03 opened this issue Apr 30, 2020 · 1 comment · Fixed by #792

@drobin03 (Contributor)

Description

** Disclaimer ** I am on a project with a closed (to me) Auth0 configuration, so I might be off base here.

We have a custom domain configured in Auth0. The problem is, the main Auth0 domain returns a 404 from '.auth0.com/.well-known/jwks.json', whereas on the custom domain, that endpoint exists and returns correctly. Unfortunately, the WP_Auth0_Api_Get_Jwks::call method appears to always fetch from the main domain, rather than the custom domain, so the login is broken.

I suspect that in a custom domain setup, this call should be made against the custom domain, rather than the main Auth0 domain.

Reproduction

I have these settings:

define('AUTH0_ENV_DOMAIN', 'xxx');
define('AUTH0_ENV_CUSTOM_DOMAIN', 'xxx');
define('AUTH0_ENV_CLIENT_ID', 'xxx');
define('AUTH0_ENV_CLIENT_SECRET', 'xxxx');
define('AUTH0_ENV_CLIENT_SIGNING_ALGORITHM', 'RS256');
define('AUTH0_ENV_REQUIRES_VERIFIED_EMAIL', 0);
define('AUTH0_ENV_AUTO_PROVISIONING', 1);
define('AUTH0_ENV_AUTO_LOGIN', 0);

This is a consistent issue in my setup.

Interestingly, when I set 'AUTH0_ENV_DOMAIN' to the custom domain, my login works properly. However, this seems like it goes against the instructions, so I don't have confidence in that solution long-term.

Environment

  • Plugin version 4.0.0
  • WordPress version 5.4.1

@joshcanhelp (Contributor)

@drobin03 - Appreciate the detailed report here, this helped figure out the root cause. You are correct, the call for the JWKS does not take into account custom domains. I'll put through a PR for that right now.
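
Added example, not part of the issue thread and not the plugin's own code: one way to resolve the JWKS URL so that a configured custom domain takes precedence over the tenant domain, and so that a malformed value fails loudly instead of silently falling back. The function names and sample domains are hypothetical; the two arguments stand for the AUTH0_ENV_DOMAIN and AUTH0_ENV_CUSTOM_DOMAIN settings shown in the report.

```php
<?php
// Added illustration with hypothetical helper names; not code from the plugin.

/**
 * Reduce a configured domain to a bare lowercase host name.
 * Returns null for anything that is not just a host (other schemes,
 * paths, ports, "user@host" forms), so it never ends up in a fetch URL.
 */
function example_normalize_domain(string $value): ?string
{
    // Accept "tenant.example.com" as well as "https://tenant.example.com/".
    $host = rtrim(preg_replace('#^https://#i', '', trim($value)), '/');
    $pattern = '/^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$/i';
    return preg_match($pattern, $host) ? strtolower($host) : null;
}

/**
 * Build the JWKS URL from the domain that the login flow actually uses:
 * the custom domain when one is configured, otherwise the tenant domain.
 */
function example_jwks_url(string $tenantDomain, string $customDomain = ''): string
{
    // A custom domain that is set but invalid is an error, not a reason
    // to fall back: falling back would hide the misconfiguration.
    $configured = trim($customDomain) !== '' ? $customDomain : $tenantDomain;
    $host = example_normalize_domain($configured);
    if ($host === null) {
        throw new InvalidArgumentException('Invalid Auth0 domain: ' . $configured);
    }
    return 'https://' . $host . '/.well-known/jwks.json';
}

// Constructed sample values, not taken from the issue.
echo example_jwks_url('tenant.example.auth0.com', 'login.example.com'), PHP_EOL;
// https://login.example.com/.well-known/jwks.json
echo example_jwks_url('tenant.example.auth0.com'), PHP_EOL;
// https://tenant.example.auth0.com/.well-known/jwks.json

try {
    example_jwks_url('tenant.example.auth0.com', 'http://login.example.com/path');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```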

@joshcanhelp joshcanhelp added the bug label May 4, 2020
@joshcanhelp joshcanhelp added this to the 4.1.0 milestone May 4, 2020
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 19, 2022