Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Support validating tokens with tenant domain in the case of custom domains #753

Merged
merged 2 commits into from
Dec 29, 2023
Merged

feat: Support validating tokens with tenant domain in the case of custom domains #753

merged 2 commits into from
Dec 29, 2023

Commits on Dec 29, 2023

  1. Validate token with tenant domain in case of custom domain 

    When a token is issued, the token issuer is validated against the domain within the configuration.
However, when a custom domain is provided within the SDK configuration, the issuer is validated against the custom domain.

This fix will, in case of custom domain set in SDK configuration, validates the custom domain at first against the issuer within the token.
Whenever this fails, fallback to the tenant domain set in the SDK Configuration.

Use case:
- A tenant domain is set
- A custom domain is set

All auth0 requests (e.g. token and validation) are sent to custom domain.
In certain situations, the custom domain acts as a proxy that actually does some extended validation on the client request and redirects the requests to the actual tenant domain.
Therefor, the tenant domain is the origin issuer of the token, while the requests are proxied through the custom domain.
    Ramon committed Dec 29, 2023
    Configuration menu
    Copy the full SHA
    6a2ecc4 View commit details
    Browse the repository at this point in the history

  2. Apply code styling rules

    @evansims
    evansims committed Dec 29, 2023
    Configuration menu
    Copy the full SHA
    d95cd7d View commit details
    Browse the repository at this point in the history