When the JWT id_token lacks a sub claim, the cache key would be
auth0-profile:undefined, causing all users without a sub to share
the same cached profile. Now skips caching entirely when sub is
missing and fetches the profile directly.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Signed-off-by: Jack Palmer <jackpalmer@spotify.com>

Replace manual base64 JWT decoding with jose's decodeJwt for
correctness and consistency with other auth modules. Add jose
as a dependency.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Signed-off-by: Jack Palmer <jackpalmer@spotify.com>

Auth0 rotates refresh tokens on each use, causing cache misses every
time. Use the user's sub claim from the ID token as the cache key
instead, which is stable per user.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Signed-off-by: Jonathan Roebuck <jroebuck@spotify.com>

Every page refresh triggers the auth0 authenticator to fetch the user
profile from Auth0's /userinfo API. Auth0 enforces strict rate limits on
this endpoint, causing failures at scale.
Add a createAuth0Authenticator factory that accepts an optional
CacheService to cache profile responses with a 1-minute TTL. The module
now uses the cached variant by default. The existing auth0Authenticator
export remains available for use without caching.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Signed-off-by: Jack Palmer <jackpalmer@spotify.com>

Replace manual string concatenation with URL and URLSearchParams for
safer encoding and better readability.
Signed-off-by: Jonathan Roebuck <jroebuck@spotify.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

The `federated` config key was ambiguous. Rename to `federatedLogout`
for clarity since it specifically controls federated logout behavior.
Signed-off-by: Jonathan Roebuck <jroebuck@spotify.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

The origin header is always present in browser POST requests, making
the fallback scenario unreachable in practice.
Signed-off-by: Jonathan Roebuck <jroebuck@spotify.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Add server-side URL validation for logoutUrl (HTTPS + localhost only),
origin validation on the logout endpoint, and a configurable `federated`
option (default false) for Auth0 provider logout. Includes comprehensive
test coverage for all security controls.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Signed-off-by: Jack Palmer <jackpalmer@spotify.com>
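The logout-related commits above (server-side `logoutUrl` validation, origin validation on the logout endpoint with the missing-Origin fallback removed, the `federatedLogout` option, and building the URL with `URL`/`URLSearchParams`) fit together as one small set of checks. The following is an added example, not the project's code: `validateLogoutUrl` accepts HTTPS, or plain HTTP only on a loopback host; `validateLogoutOrigin` compares the browser's `Origin` header to the configured app origin and rejects requests without one; `buildAuth0LogoutUrl` assembles the provider logout URL without string concatenation. The Auth0 `/v2/logout` path and its `client_id`, `returnTo` and `federated` parameters are as Auth0 documents them; the option names and the loopback host list are assumptions.

```typescript
// Added example, not the project's code. Option names and the loopback list are assumptions.
const LOOPBACK_HOSTS = new Set(['localhost', '127.0.0.1', '[::1]']);

// Accept only https URLs, or http when the host is loopback (local development).
// Anything else, including non-URL strings and other schemes, is rejected.
export function validateLogoutUrl(raw: string): URL {
  let url: URL;
  try {
    url = new URL(raw);
  } catch {
    throw new Error(`logoutUrl is not a valid absolute URL: ${raw}`);
  }
  if (url.protocol === 'https:') return url;
  if (url.protocol === 'http:' && LOOPBACK_HOSTS.has(url.hostname)) return url;
  throw new Error(`logoutUrl must use https, or http on localhost: ${raw}`);
}

// Browsers always send Origin on POST, so a missing header is rejected rather
// than falling back to another source. Opaque origins ("null") fail URL parsing
// and are rejected as well.
export function validateLogoutOrigin(originHeader: string | undefined, appOrigin: string): boolean {
  if (!originHeader) return false;
  try {
    return new URL(originHeader).origin === new URL(appOrigin).origin;
  } catch {
    return false;
  }
}

export interface LogoutUrlOptions {
  domain: string;          // Auth0 tenant domain, e.g. example.eu.auth0.com (constructed)
  clientId: string;
  returnTo: URL;           // already validated by validateLogoutUrl
  federatedLogout?: boolean; // default false: log out of Auth0 only, not the upstream IdP
}

// URLSearchParams does the encoding; the bare `federated` flag renders as `federated=`.
export function buildAuth0LogoutUrl(opts: LogoutUrlOptions): string {
  const url = new URL(`https://${opts.domain}/v2/logout`);
  url.searchParams.set('client_id', opts.clientId);
  url.searchParams.set('returnTo', opts.returnTo.toString());
  if (opts.federatedLogout) url.searchParams.set('federated', '');
  return url.toString();
}
```

Validating `logoutUrl` on the server matters because the value ends up as the `returnTo` target: an unchecked scheme or host would turn the logout endpoint into an open redirect.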