iss trailing slash

[Kastier1]

When the running JWTClaimsRegistry with iss=iss_claim_request the validate() if the iss in the request has a trailing slash and the jwt iss does not (Or vice versa) the validation fails.

This should not fail as they are the same issuer, one with a trailing slash one without.

Examples of both of these can be found if you do auth0 oidc (which requires a trailing slash) or entra oidc 2.0 which requires no trailing slash.

[lepture]

You can use https://jose.authlib.org/en/guide/jwt/#list-validation

claims_requests = JWTClaimsRegistry(
    iss={"values": ["https://authlib.org", "https://authlib.org/"]}
)
claims_requests.validate(claims)

[Kastier1]

This is a good workaround, would still be nice if it could handle this without having to specify it.

[lepture]

@Kastier1 this is not a workaround, this is how it works. joserfc is designed to be very strict and secure.