Note: I'm on a time-crunch and decided at the last minute to open a PR instead of "going it alone". I'll circle back and flesh this out more when I have spare time (... as if that will ever truly be the case...)
Support multiple issuer:audience combinations by introducing an option for the expectedClaims. WithExpectedClaims can be called with multiple jwt.Expected parameters to allow different Issuer:Audience combinations to validate tokens
feat: support multiple issuers in a provider using WithAdditionalIssuers option
Every effort has been made to ensure backwards compatibility. Some error messages will be different due to the wrapping of errors when multiple jwt.Expected are set. When validating the jwt, if an error is encountered, instead of returning immediately, the current error is wrapped. This is good and bad. Good because all verification failure causes are captured in a single wrapped error; Bad because all verification failure causes are captured in a single monolithic wrapped error. Unwrapping the error can be tedious if many jwt.Expected are included. There is likely a better way but this suits my purposes.
A few more test cases may be needed in order to achieve true confidence in this change
π Checklist
[x] All new/changed/fixed functionality is covered by tests (or N/A)
[x] I have added documentation for all new/changed functionality (or N/A)
Note: I'm on a time-crunch and decided at the last minute to open a PR instead of "going it alone". I'll circle back and flesh this out more when I have spare time (... as if that will ever truly be the case...)
Support multiple issuer:audience combinations by introducing an option for the expectedClaims. WithExpectedClaims can be called with multiple jwt.Expected parameters to allow different Issuer:Audience combinations to validate tokens
feat: support multiple issuers in a provider using WithAdditionalIssuers option
Every effort has been made to ensure backwards compatibility. Some error messages will be different due to the wrapping of errors when multiple jwt.Expected are set. When validating the jwt, if an error is encountered, instead of returning immediately, the current error is wrapped. This is good and bad. Good because all verification failure causes are captured in a single wrapped error; Bad because all verification failure causes are captured in a single monolithic wrapped error. Unwrapping the error can be tedious if many jwt.Expected are included. There is likely a better way but this suits my purposes.
A few more test cases may be needed in order to achieve true confidence in this change
π Checklist
π§ Changes
π References
π¬ Testing