Open
Conversation
There was a problem hiding this comment.
Pull request overview
This PR adds support for Multiple Custom Domains to enable multi-tenant architectures where APIs need to accept JWT tokens from multiple Auth0 custom domains. The implementation includes a custom configuration manager that maintains separate OIDC configurations per domain, with both static domain lists and dynamic runtime resolution support.
Changes:
- Added
Auth0CustomDomainsConfigurationManagerwith automatic OIDC discovery and JWKS fetching per domain - Implemented two cache strategies:
MemoryConfigurationManagerCache(default) andNullConfigurationManagerCache(no-op) - Added pre-validation via
MessageReceivedHandlerto reject invalid tokens before network calls - Extended
Auth0ApiAuthenticationBuilderwith fluentWithCustomDomains()API - Updated documentation with comprehensive examples and integration patterns
Reviewed changes
Copilot reviewed 26 out of 26 changed files in this pull request and generated 8 comments.
Show a summary per file
| File | Description |
|---|---|
| AuthenticationBuilderExtensions.cs | Added WithCustomDomains() extension method and validation logic |
| Auth0CustomDomainsConfigurationManager.cs | Core configuration manager implementing per-domain OIDC configuration |
| Auth0CustomDomainsOptions.cs | Configuration class supporting static domains and dynamic resolution |
| TokenValidationHelper.cs | Pre-validation utility for token extraction and issuer validation |
| IConfigurationManagerCache.cs | Cache abstraction with two implementations |
| MemoryConfigurationManagerCache.cs | In-memory cache with size limits and sliding expiration |
| NullConfigurationManagerCache.cs | No-op cache implementation |
| DisposableConfigurationManagerWrapper.cs | Wrapper managing HttpClient lifecycle |
| MessageReceivedHandler.cs | Event handler for early token validation in pipeline |
| CustomDomainsEventsFactory.cs | Factory for creating chained JWT Bearer events |
| Auth0CustomDomainsPostConfigureOptions.cs | IPostConfigureOptions for injecting custom ConfigurationManager |
| Auth0Constants.cs | Added error description constants for custom domains |
| README.md | Added feature overview and key capabilities section |
| EXAMPLES.md | Reorganized structure and added three comprehensive custom domains examples |
| Test files | Added comprehensive unit and integration tests |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
src/Auth0.AspNetCore.Authentication.Api/AuthenticationBuilderExtensions.cs
Outdated
Show resolved
Hide resolved
src/Auth0.AspNetCore.Authentication.Api/CustomDomains/MemoryConfigurationManagerCache.cs
Show resolved
Hide resolved
src/Auth0.AspNetCore.Authentication.Api/AuthenticationBuilderExtensions.cs
Show resolved
Hide resolved
src/Auth0.AspNetCore.Authentication.Api/CustomDomains/TokenValidationHelper.cs
Show resolved
Hide resolved
tests/Auth0.AspNetCore.Authentication.Api.IntegrationTests/CustomDomainsIntegrationTests.cs
Outdated
Show resolved
Hide resolved
...ore.Authentication.Api.UnitTests/CustomDomains/DisposableConfigurationManagerWrapperTests.cs
Outdated
Show resolved
Hide resolved
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
✏️ Changes
This PR adds Multiple Custom Domains support.
Added:
Auth0CustomDomainsConfigurationManager- Core configuration manager that maintains separate OIDC configurations per domain with automatic discovery and JWKS fetchingAuth0CustomDomainsOptions- Configuration class supporting both static domain lists (Domains) and dynamic runtime resolution (DomainsResolver)IConfigurationManagerCacheinterface with two implementations:MemoryConfigurationManagerCache- In-memory cache with configurable size and sliding expiration (default: 100 entries, 10 min)NullConfigurationManagerCache- No-op cache for testing or scenarios requiring fresh config on every requestTokenValidationHelper- Pre-validation utility that extracts and validates token issuer before any network calls, rejects symmetric algorithms (HS256/HS384)Auth0CustomDomainsPostConfigureOptions- IPostConfigureOptions implementation for setting custom ConfigurationManagerCustomDomainsEventsFactory- Event handler factory for chaining custom domains validation with existing JWT Bearer eventsMessageReceivedHandler- Event handler for early token validation in MessageReceived pipelineWithCustomDomains()onAuth0ApiAuthenticationBuilderfor fluent APIModified:
AuthenticationBuilderExtensions.cs- Added custom domains configuration and validation logicAuth0Constants.cs- AddedCustomDomains.Error.Descriptionconstants for error handling🔗 References
N/A
🎯 Testing
Adds Unit and Integration test cases
This change adds unit test coverage
This change adds integration test coverage
This change has been tested on the latest version (.NET 8.0)
✅ Checklist