Support Client Assertion authentication on authentication client

[ewanharris]

🔧 Changes

Introduces support for using Client Assertion to the authentication client, this is for use when the Authentication Method is set to Private Ket JWT. This is supported using the WithClientAssertion option that can be passed instead of the existing WithClientSecret

jwtPrivateKey := `-----BEGIN PRIVATE KEY-----
.......
-----END PRIVATE KEY-----`

api, err := New(
	context.Background(),
	domain,
	WithClientID(clientID),
	WithClientAssertion(jwtPrivateKey, "RS256"),
)

if err != nil {
	log.Fatal(err)
}

tokenSet, err := api.OAuth.LoginWithClientCredentials(context.Background(), oauth.LoginWithClientCredentialsRequest{}, oauth.IDTokenValidationOptions{})

if err != nil {
	log.Fatal(err)
}

log.Print(tokenSet)

📚 References

🔬 Testing

📝 Checklist

• All new/changed/fixed functionality is covered by tests (or N/A)
• I have added documentation for all new/changed functionality (or N/A)

[Widcket]

Should the && in (body.Get("client_secret") == "" && body.Get("client_assertion") == "") be a ||?

[ewanharris]

We want to error here if both values are empty as the they can be used independently of each other, so if client_secret is empty but client_assertion is not then we can continue

[Widcket]

Just out of curiosity, where does this 2 minute exp come from?

[ewanharris]

I was aligning with the value set by the node-auth0 v4 beta here, I think there's not really a specific reason for picking 2 minutes, the only requirement is that exp must be a value no more than 5 minutes after the iat

[Widcket]

Would it make sense for this exp value to be configurable?

[ewanharris]

I don't think we currently support configuring this on any other SDK and I haven't seen any request to do so yet, so I'd maybe defer to adding if we get a request

[codecov-commenter]

Codecov Report

Patch coverage: 76.23% and project coverage change: -0.24% ⚠️

Comparison is base (4c4f9dc) 94.89% compared to head (84b9185) 94.66%.

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #260      +/-   ##
==========================================
- Coverage   94.89%   94.66%   -0.24%     
==========================================
  Files          46       46              
  Lines        8441     8523      +82     
==========================================
+ Hits         8010     8068      +58     
- Misses        337      353      +16     
- Partials       94      102       +8     

Files Changed	Coverage Δ
authentication/authentication.go	89.53% <ø> (ø)
authentication/passwordless.go	81.48% <53.12%> (-18.52%)	⬇️
authentication/oauth.go	89.77% <85.93%> (-2.79%)	⬇️
authentication/authentication_option.go	93.61% <100.00%> (+0.75%)	⬆️

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[sergiught]

Just very small suggestions, overall things look good 👍🏻

[sergiught]

Should we use url.JoinPath here instead? If the domain already contains "/"?

[ewanharris]

Yeah that's a good point, on reflection it's probably a bit wasteful to have a separate domain here (just for the added /) when we already have url

[sergiught]

Suggested change