Spring Boot - JWT Multi-Tenant support

Hi All,

I’m really hoping someone can help me out here.

So we have two separate tenants on Auth0, and I have a Spring Boot API (v2.5.4) which both tenants need access to.

Looking at the Spring docs, it’s easy to add multiple issuers by doing the following in the Spring Security config:

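    @Override
    protected void configure(HttpSecurity http) throws Exception {
        JwtIssuerAuthenticationManagerResolver authenticationManagerResolver = new JwtIssuerAuthenticationManagerResolver
                ("https://tenant1-dev.eu.auth0.com/", "https://tenant2-dev.eu.auth0.com/");
        // Pick the AuthenticationManager from the token's "iss" claim; unlisted issuers are rejected
        http.oauth2ResourceServer(oauth2 -> oauth2.authenticationManagerResolver(authenticationManagerResolver));
    }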


And this works fine for me. However, I want to be able to validate the aud in the JWT, and looking at the Auth0 docs, they suggest the following:

    @Bean
    @Primary
    JwtDecoder jwtDecoder() {
        /*
        By default, Spring Security does not validate the "aud" claim of the token, to ensure that this token is
        indeed intended for our app. Adding our own validator is easy to do:
        */

        NimbusJwtDecoder jwtDecoder = (NimbusJwtDecoder)
                JwtDecoders.fromOidcIssuerLocation(issuer);

        OAuth2TokenValidator<Jwt> audienceValidator = new AudienceValidator(audience);
        OAuth2TokenValidator<Jwt> withIssuer = JwtValidators.createDefaultWithIssuer(issuer);
        OAuth2TokenValidator<Jwt> withAudience = new DelegatingOAuth2TokenValidator<>(withIssuer, audienceValidator);

        jwtDecoder.setJwtValidator(withAudience);

        return jwtDecoder;
    }

Now, how can I use this JwtDecoder when there are multiple issuers?

Thanks and hoping someone can help me here!
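
One way to combine the two snippets above, as an added example that is not part of the original post or of the Auth0 or Spring documentation: build one decoder per trusted issuer, each with its own issuer and audience validators, and pass the lookup to `JwtIssuerAuthenticationManagerResolver`. The class name, the helper names and the audience values are assumptions; `JwtClaimValidator` stands in for the post's `AudienceValidator`, which is not shown on the page.

```java
import java.util.HashMap;
import java.util.List;
import java.util.Map;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2TokenValidator;
import org.springframework.security.oauth2.jwt.*;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationProvider;
import org.springframework.security.oauth2.server.resource.authentication.JwtIssuerAuthenticationManagerResolver;

@Configuration
public class MultiTenantJwtConfig { // hypothetical class name

    @Bean
    JwtIssuerAuthenticationManagerResolver multiTenantResolver() {
        Map<String, AuthenticationManager> managers = new HashMap<>();
        // Issuers are the post's two tenants; audiences are constructed placeholders.
        register(managers, "https://tenant1-dev.eu.auth0.com/", "https://api.example.com/tenant1");
        register(managers, "https://tenant2-dev.eu.auth0.com/", "https://api.example.com/tenant2");
        // Map::get returns null for an issuer that is not registered, and the
        // resolver then rejects the token instead of fetching keys for it.
        return new JwtIssuerAuthenticationManagerResolver(managers::get);
    }

    private static void register(Map<String, AuthenticationManager> managers,
                                 String issuer, String audience) {
        JwtAuthenticationProvider provider = new JwtAuthenticationProvider(jwtDecoder(issuer, audience));
        managers.put(issuer, provider::authenticate);
    }

    // Same validation chain as the single-issuer bean, built once per tenant.
    private static JwtDecoder jwtDecoder(String issuer, String audience) {
        NimbusJwtDecoder decoder = (NimbusJwtDecoder) JwtDecoders.fromOidcIssuerLocation(issuer);
        OAuth2TokenValidator<Jwt> withIssuer = JwtValidators.createDefaultWithIssuer(issuer);
        // The predicate receives null when the token carries no "aud" claim.
        OAuth2TokenValidator<Jwt> withAudience = new JwtClaimValidator<List<String>>(
                JwtClaimNames.AUD, aud -> aud != null && aud.contains(audience));
        decoder.setJwtValidator(new DelegatingOAuth2TokenValidator<>(withIssuer, withAudience));
        return decoder;
    }
}
```

The resulting bean is passed to `oauth2ResourceServer(...).authenticationManagerResolver(...)` in place of the resolver built from the two issuer URLs.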