feat: Multiple custom domain

Author: ankita10119

MCD_EXAMPLES.md

@@ -35,5 +35,11 @@
   },
   "engines": {
     "node": "^12.19.0 || ^14.15.0 || ^16.13.0 || ^18.12.0 || ^20.2.0 || ^22.1.0"
-  }
+  },
+  "description": "_This package is not published_",
+  "directories": {
+    "test": "test"
+  },
+  "keywords": [],
+  "type": "commonjs"
 }

packages/access-token-jwt/package.json

@@ -63,20 +63,27 @@ const discover = async ({
   throw new Error('Failed to fetch authorization server metadata');
 };
 
-export default (opts: DiscoverOptions) => {
-  let discovery: Promise<IssuerMetadata> | undefined;
-  let timestamp = 0;
+export default (opts: Omit<DiscoverOptions, 'issuerBaseURL'>) => {
+  // Support multiple issuers by caching discovery per issuerBaseURL
+  const discoveryCache = new Map<
+    string,
+    { promise: Promise<IssuerMetadata>; timestamp: number }
+  >();
 
-  return () => {
+  return (issuerBaseURL: string) => {
     const now = Date.now();
+    const cached = discoveryCache.get(issuerBaseURL);
 
-    if (!discovery || now > timestamp + opts.cacheMaxAge) {
-      timestamp = now;
-      discovery = discover(opts).catch((e) => {
-        discovery = undefined;
+    if (!cached || now > cached.timestamp + opts.cacheMaxAge) {
+      const timestamp = now;
+      const promise = discover({ ...opts, issuerBaseURL }).catch((e) => {
+        discoveryCache.delete(issuerBaseURL);
         throw e;
       });
+      discoveryCache.set(issuerBaseURL, { promise, timestamp });
+      return promise;
     }
-    return discovery;
+
+    return cached.promise;
   };
 };

packages/access-token-jwt/src/discovery.ts

@@ -19,22 +19,28 @@ export default ({
   cacheMaxAge,
   secret
 }: JWKSOptions) => {
-  let getKeyFn: GetKeyFn;
-  let prevjwksUri: string;
+  // Support multiple issuers by caching getKeyFn per jwksUri
+  const keyFnCache = new Map<string, GetKeyFn>();
 
   const secretKey = secret && createSecretKey(Buffer.from(secret));
 
   return (jwksUri: string) => {
     if (secretKey) return () => secretKey;
-    if (!getKeyFn || prevjwksUri !== jwksUri) {
-      prevjwksUri = jwksUri;
+
+    // Check if we have a cached getKeyFn for this jwksUri
+    let getKeyFn = keyFnCache.get(jwksUri);
+
+    if (!getKeyFn) {
+      // Create new getKeyFn for this jwksUri and cache it
       getKeyFn = createRemoteJWKSet(new URL(jwksUri), {
         agent,
         cooldownDuration,
         timeoutDuration,
         cacheMaxAge,
       });
+      keyFnCache.set(jwksUri, getKeyFn);
     }
+
     return getKeyFn;
   };
 };

packages/access-token-jwt/src/get-key-fn.ts

@@ -14,6 +14,14 @@ export {
   VerifyJwtResult,
   JWTPayload,
   JWSHeaderParameters as JWTHeader,
+  Auth0MCDOptions,
+  AsymmetricIssuerConfig,
+  SymmetricIssuerConfig,
+  IssuerConfig,
+  IssuerResolverContext,
+  IssuerResolverResult,
+  IssuerResolverFunction,
+  RequestContext,
 } from './jwt-verifier';
 export {
   InvalidTokenError,