Support multiple issuers
JWTs from Google OIDC have a different issuer depending on where the JWT comes from.
If generated through the JavaScript Google Sign-In library, it is accounts.google.com, but if generated from the Android or iOS libraries, it's https://accounts.google.com.
Our current solution is to have two consumers that only differ on the issuer (we already do two-pass verification).
It would be nice to be able to have a consumer that accepts more than one issuer.
Comments (5)
-
Account Deactivated reporter -
repo owner Yes, Google is a bit of a pain in this regard with their slight variance from the issuer requirements of OIDC. Allowing for multiple issuers is something I've considered on and off. I probably should have just done it. I can likely add it in the near future though (I do need to be careful of runtime/compile time API compatibility).
In the meantime, you could also have a single JWT consumer and not call setExpectedIssuer(...) on its builder, but rather implement a Validator that allows for multiple issuers and use registerValidator(...) to hook it up to the JWT consumer.
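A sketch of the Validator workaround described in the comment above, as an added example that is not part of the original thread or the project's own code. The class names, the audience value, the throwaway signing key and the third (look-alike) issuer string are constructed for illustration; it assumes jose4j is on the classpath.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import org.jose4j.jwk.RsaJsonWebKey;
import org.jose4j.jwk.RsaJwkGenerator;
import org.jose4j.jws.AlgorithmIdentifiers;
import org.jose4j.jws.JsonWebSignature;
import org.jose4j.jwt.JwtClaims;
import org.jose4j.jwt.MalformedClaimException;
import org.jose4j.jwt.consumer.*;

public class MultiIssuerExample {
    // Hypothetical helper: exact-match allow-list of issuer strings.
    static class IssuerAllowList implements Validator {
        private final Set<String> allowed;
        IssuerAllowList(String... issuers) { allowed = new HashSet<>(Arrays.asList(issuers)); }

        @Override
        public String validate(JwtContext ctx) throws MalformedClaimException {
            String iss = ctx.getJwtClaims().getIssuer();
            // setExpectedIssuer(...) is not called on the builder, so this is the
            // only issuer check: a missing "iss" claim must be rejected here too.
            return (iss != null && allowed.contains(iss)) ? null : "Issuer " + iss + " is not accepted";
        }
    }

    public static void main(String[] args) throws Exception {
        RsaJsonWebKey key = RsaJwkGenerator.generateJwk(2048); // throwaway key, stands in for the provider's key
        JwtConsumer consumer = new JwtConsumerBuilder()
                .setRequireExpirationTime()
                .setExpectedAudience("example-client-id") // constructed value
                .setVerificationKey(key.getKey())
                .registerValidator(new IssuerAllowList("accounts.google.com", "https://accounts.google.com"))
                .build();
        // Constructed test issuers: the two forms from the issue plus a look-alike.
        String[] issuers = {"accounts.google.com", "https://accounts.google.com", "https://accounts.google.com.example"};
        for (String iss : issuers) {
            JwtClaims claims = new JwtClaims();
            claims.setIssuer(iss);
            claims.setAudience("example-client-id");
            claims.setExpirationTimeMinutesInTheFuture(5);
            JsonWebSignature jws = new JsonWebSignature();
            jws.setPayload(claims.toJson());
            jws.setKey(key.getPrivateKey());
            jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA256);
            try {
                consumer.processToClaims(jws.getCompactSerialization());
                System.out.println("accepted: " + iss);
            } catch (InvalidJwtException e) {
                System.out.println("rejected: " + iss);
            }
        }
    }
}
```

The allow-list compares whole strings, so an issuer that merely starts with an accepted value is still rejected.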
-
repo owner - changed status to resolved
fffa68d allows multiple acceptable/expected issuer values to be specified when building a JwtConsumer
-
repo owner - changed status to closed
fix for Issue #70 was released with v0.5.2
-
Account Deactivated reporter Excellent, thanks for the quick turnaround.
The code changes for this should be fairly minor; I can do them if this is desired functionality.