auth0 / java-jwt

Java implementation of JSON Web Token (JWT)
MIT License

Published license identifier is not compliant with the SPDX license list #640

Closed mervyn-mccreight closed 1 year ago

mervyn-mccreight commented 1 year ago

As of now, the license is getting published as `The MIT License (MIT)`, but according to https://spdx.org/licenses/MIT.html the SPDX identifier would be `MIT`.

It would be nice to align it to the SPDX-identifier, because this makes it easier for tools like e.g. Gradle plugins to detect the used license by relying on the SPDX license identifiers.

IMO best would also be to publish the license URL as an official reference to the license, e.g. https://spdx.org/licenses/MIT.html in this case. This would also help tools to automatically check which license is applied by just checking the URL against an official list like the SPDX license list.
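The check described in the comment above, as an added example that is not part of the original thread or the project's code: a license audit that resolves a published license only by exact SPDX identifier or by an spdx.org license URL. It assumes the published metadata is a Maven POM `<licenses>` block; the sample POMs, the short SPDX subset and the function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed subset of the SPDX license list; a real audit loads the full list.
SPDX_IDS = {"MIT", "Apache-2.0", "BSD-3-Clause"}
SPDX_URL = re.compile(r"^https?://spdx\.org/licenses/([A-Za-z0-9.+-]+?)(?:\.html)?/?$")
POM_NS = {"m": "http://maven.apache.org/POM/4.0.0"}

# Constructed sample POMs (assumption: not the project's real published files).
POM_AS_REPORTED = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <licenses><license>
    <name>The MIT License (MIT)</name>
    <url>https://example.invalid/LICENSE</url>
  </license></licenses>
</project>"""

POM_SPDX_ALIGNED = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <licenses><license>
    <name>MIT</name>
    <url>https://spdx.org/licenses/MIT.html</url>
  </license></licenses>
</project>"""


def resolve_license(name, url):
    """Return (spdx_id, matched_on). Exact matches only, no fuzzy guessing."""
    name = (name or "").strip()
    if name in SPDX_IDS:
        return name, "name"
    m = SPDX_URL.match((url or "").strip())
    if m and m.group(1) in SPDX_IDS:
        return m.group(1), "url"
    # Free-text names such as "The MIT License (MIT)" land here and
    # need manual review instead of being silently accepted.
    return None, "unresolved"


def audit_pom(pom_xml):
    """List (declared_name, spdx_id, matched_on) for each <license> entry."""
    root = ET.fromstring(pom_xml)
    results = []
    for lic in root.findall("m:licenses/m:license", POM_NS):
        name = lic.findtext("m:name", default="", namespaces=POM_NS)
        url = lic.findtext("m:url", default="", namespaces=POM_NS)
        results.append((name.strip(), *resolve_license(name, url)))
    return results


if __name__ == "__main__":
    for pom in (POM_AS_REPORTED, POM_SPDX_ALIGNED):
        print(audit_pom(pom))
```
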

jimmyjames commented 1 year ago

Thanks @mervyn-mccreight - we will work with our compliance team to identify if this is something we can support both in this library and potentially other Auth0 libraries.

Can you provide some additional info on how the SPDX-identifier would be best incorporated? Would it just be adding the identifier to the LICENSE file, adding a LICENSE.spdx file, or adding the SPDX-identifier to each source file?

jimmyjames commented 1 year ago

This isn't something we are going to do in our repos in the near-term, but if there are additional requests or reasons for Auth0 to consider this, we can consider it in the future.