-
Notifications
You must be signed in to change notification settings - Fork 921
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Validate against multiple issuers #246
Comments
No, since the |
Other JWT libraries accept an array of issuers so this would be a very nice-to-have. |
We are looking for something similar when switching to a custom domain with auth0, when you switch to a custom domain the issuer changes although the auth0 tenant stays the same. To handle this we temporarily have to accept multiple issuers. The patch with having multiple verifiers seems to be the best solution to be able to transition properly. |
This is already in our backlog. I'll discuss with the team on the coming days if we should raise the priority. 👍 |
I'd like to have this too. My use case is that we have one issuer prefix e.g. You could make this even more generic by supporting a method like |
Enabling this at the application level would be nice by supporting a generic validation method like this on
|
Adds the ability for users to add one or more custom validations to the JWT verification process, by using `withCustomValidation` on the validation builder. This is useful to workaround the inability to perform particular validations directly with the library, such as issue auth0#246, or to do other validations that are not possible with the built-in validations.
FYI, the logic I describe above implemented in #290. |
With the custom validator the issuer claim would still fail if multiple issuers aren't supported, these look like two separate concepts. Adding the possibility to add custom validations on application layer seems like a good idea though. |
I agree, the custom validation logic is not a replacement for this issue -- I do believe it is still a valid thing to desire the ability to validate against multiple issuers. I simply reference it as a workaround that is also useful in other situations. |
This issue is solved with #288, is it not? |
Yes, it can be closed. |
Is there a way to validate against multiple issuers with the current api?
The text was updated successfully, but these errors were encountered: