Validate against multiple issuers #246

Closed
cescoferraro opened this issue Mar 9, 2018 · 11 comments

Comments

@cescoferraro

Is there a way to validate against multiple issuers with the current API?

@lbalmaceda
Contributor

No, since the JWTVerifier#withIssuer only accepts a single string and the JWTVerifier#withArrayClaim will check that all the passed array contents are present in the token rather than only checking if the token's issuer is part of the passed array.
Could be added though.

@crizo23

crizo23 commented Jun 4, 2018

Other JWT libraries accept an array of issuers so this would be a very nice-to-have.

@jogee

jogee commented Jul 18, 2018

We are looking for something similar when switching to a custom domain with auth0. When you switch to a custom domain, the issuer changes although the auth0 tenant stays the same. To handle this we temporarily have to accept multiple issuers.

The patch with having multiple verifiers seems to be the best solution to be able to transition properly.
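The multiple-verifier workaround discussed in this thread, as an added example that is not part of the original comments or the project's own code: one verifier is built per allowed issuer with the single-string `withIssuer`, and the token's unverified `iss` is used only to pick which verifier runs. The class name `MultiIssuerVerifier`, the issuer URLs and the HMAC secret are constructed for illustration.

```java
import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTVerificationException;
import com.auth0.jwt.interfaces.DecodedJWT;

import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.Map;

// Hypothetical helper, not a java-jwt class.
public class MultiIssuerVerifier {
    // Allowlist: exact issuer string -> verifier pinned to that issuer.
    private final Map<String, JWTVerifier> verifiers = new LinkedHashMap<>();

    public MultiIssuerVerifier(Algorithm algorithm, String... allowedIssuers) {
        for (String issuer : allowedIssuers) {
            verifiers.put(issuer, JWT.require(algorithm).withIssuer(issuer).build());
        }
    }

    public DecodedJWT verify(String token) throws JWTVerificationException {
        // JWT.decode does NOT check the signature; iss is untrusted here and
        // is used only as a lookup key into the allowlist (exact match).
        String issuer = JWT.decode(token).getIssuer();
        JWTVerifier verifier = issuer == null ? null : verifiers.get(issuer);
        if (verifier == null) {
            throw new JWTVerificationException("Issuer not in allowlist: " + issuer);
        }
        // Signature, issuer and time-based claims are all verified here.
        return verifier.verify(token);
    }

    public static void main(String[] args) {
        // Constructed demo values. One shared key models the custom-domain case,
        // where the tenant (and its key) stays the same and only iss changes.
        Algorithm alg = Algorithm.HMAC256("demo-secret-only".getBytes(StandardCharsets.UTF_8));
        String oldIss = "https://tenant.example.auth0.com/";
        String newIss = "https://login.example.com/";
        MultiIssuerVerifier v = new MultiIssuerVerifier(alg, oldIss, newIss);

        for (String iss : new String[] {oldIss, newIss, "https://unlisted.example.net/"}) {
            String token = JWT.create().withIssuer(iss).sign(alg);
            try {
                System.out.println("accepted: " + v.verify(token).getIssuer());
            } catch (JWTVerificationException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

When the issuers do not share a key, build each verifier with that issuer's own `Algorithm` so a token is only ever checked against the key of the issuer it names.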

@lbalmaceda
Contributor

This is already in our backlog. I'll discuss with the team in the coming days if we should raise the priority. 👍

@rocketraman

rocketraman commented Oct 14, 2018

I'd like to have this too. My use case is that we have one issuer prefix e.g. https://foo.com with multiple valid paths, such as https://foo.com/v1-issuer and https://foo.com/v2-issuer. Therefore, I need to be able to pass in a list of valid issuers.

You could make this even more generic by supporting a method like withIssuer(IssuerValidator) where IssuerValidator is a SAM interface for easy lambda implementation. That being said, more complex cases like that can be handled at the application level after parsing, so I would be fine with just the multiple issuer support.

@rocketraman

rocketraman commented Oct 14, 2018

> That being said, more complex cases like that can be handled at the application level after parsing, so I would be fine with just the multiple issuer support.

Enabling this at the application level would be nice by supporting a generic validation method like this on Verification, where each call contributes an additional custom validation:

withCustomValidation(CustomJwtValidator) where CustomJwtValidator is:

interface CustomJwtValidator {
  // Throws JWTVerificationException when the decoded token fails this check.
  void validate(DecodedJWT jwt) throws JWTVerificationException;
}

rocketraman added a commit to rocketraman/java-jwt that referenced this issue Oct 14, 2018
Adds the ability for users to add one or more custom validations to the
JWT verification process, by using `withCustomValidation` on the
validation builder.

This is useful to work around the inability to perform particular
validations directly with the library, such as issue auth0#246, or to do other
validations that are not possible with the built-in validations.

@rocketraman

FYI, the logic I describe above is implemented in #290.

@jogee

jogee commented Oct 17, 2018

With the custom validator the issuer claim would still fail if multiple issuers aren't supported; these look like two separate concepts. Adding the possibility to add custom validations on application layer seems like a good idea though.

@rocketraman

> With the custom validator the issuer claim would still fail if multiple issuers aren't supported; these look like two separate concepts. Adding the possibility to add custom validations on application layer seems like a good idea though.

I agree, the custom validation logic is not a replacement for this issue -- I do believe it is still a valid thing to desire the ability to validate against multiple issuers. I simply reference it as a workaround that is also useful in other situations.

lbalmaceda pushed a commit that referenced this issue Mar 11, 2019
* Support multiple issuers #246

* Implemented comments after review

* Implemented comments after review, rolled back remove claim unit test

* Implemented comments after review

* Added tests to increase coverage

@coperator

coperator commented Jun 19, 2019

This issue is solved with #288, is it not?

@jogee

jogee commented Jun 19, 2019

Yes, it can be closed.


6 participants