From 929d13ef2300396ba5f478879bd088b985cd2cc7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marc=20Busqu=C3=A9?=
Date: Fri, 12 Jul 2024 16:49:25 +0200
Subject: [PATCH] Properly support issuer claim

Closes #272
---
 README.md | 7 +++++++
 lib/devise/jwt.rb | 4 ++++
 2 files changed, 11 insertions(+)

diff --git a/README.md b/README.md
index a2340e6..90124ea 100644
--- a/README.md
+++ b/README.md
@@ -577,6 +577,13 @@ Request/response header which will transmit the JWT token.

 Defaults to 'Authorization'

+#### issuer
+
+Expected issuer claim. If present, it will be checked against the incoming
+token issuer claim and authorization will be skipped if they don't match.
+
+Defaults to nil.
+
 #### aud_header

 Request header which content will be stored to the `aud` claim in the payload.
diff --git a/lib/devise/jwt.rb b/lib/devise/jwt.rb
index 2dd90f3..1662608 100644
--- a/lib/devise/jwt.rb
+++ b/lib/devise/jwt.rb
@@ -62,6 +62,10 @@ def self.forward_to_warden(setting, value)
 default: Warden::JWTAuth.config.token_header,
 constructor: ->(value) { forward_to_warden(:token_header, value) })

+ setting(:issuer,
+ default: Warden::JWTAuth.config.issuer,
+ constructor: ->(value) { forward_to_warden(:issuer, value) })
+
 setting(:aud_header,
 default: Warden::JWTAuth.config.aud_header,
 constructor: ->(value) { forward_to_warden(:aud_header, value) })
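Review bot: The `issuer` setting added in the `lib/devise/jwt.rb` hunk is off unless configured. Its default comes from `Warden::JWTAuth.config.issuer`, which the README hunk documents as nil, and nothing next to the setting says that nil leaves the `iss` claim unchecked. I would add a comment above it such as `# nil (the default) leaves the iss claim unverified; set it when the signing key is shared with other token issuers`. The diffstat lists only the README and this file, so no spec shows that a configured value reaches Warden through `forward_to_warden(:issuer, value)`. If that forwarding broke, issuer checking would presumably stay disabled without any error, so a spec asserting the forwarded value is worth adding. `forward_to_warden` and the comparison itself are defined outside the hunk, so the exact mismatch behaviour cannot be confirmed from here.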