JWT Auth Bundle with multiple audience

, ,

Please include the following information in your post:

Version 4.0.0
PHP platform

api_identifier_array and secret_base64_encoded are no longer used

They dropped the possibility to have multiple audiences configured with the option api_identifier_array. It was working in version 3.x and now in new major release it is removed. Is there any replacement solution ?

Thanks

Hey there!

@evansims would you be able to follow-up on that?

1 Like

Hi @Aless :wave: Support for multiple audiences was removed from the Symfony library in v4 as the underlying Auth0-PHP SDK dependency was also upgraded at that time, from v5 to v6, and v6 does not support multiple audiences. This feature was restored in Auth0-PHP SDK v7, but the Symfony library has not yet been upgraded to support v7. I don’t currently have an ETA to share for when that library will be getting a new major to upgrade it, but it is in our radar.

I don’t have an simple workaround or replacement solution to suggest at the moment, I’m afraid. Off the top of my head, the only suggestion that comes to mind would be to perhaps extend the Symfony library’s Auth0Service and override the desired behavior inside it’s decodeJWT method. Then you could pass your customized Auth0Service to JWTAuthenticator during initialization so that it’s createToken method uses that behavior.