
Private Key JWT support in OmniAuth::Strategies::Auth0 #199

kaczowkad opened this issue Nov 7, 2024 · 0 comments

Checklist

  • I have looked into the Readme and the Examples, and have not found a suitable solution or answer.
  • I have looked into the API documentation and have not found a suitable solution or answer.
  • I have searched the issues and have not found a suitable solution or answer.
  • I have searched the Auth0 Community forums and have not found a suitable solution or answer.
  • I agree to the terms within the Auth0 Code of Conduct.

Describe the problem you'd like to have solved

The Auth0 documentation recommends using Private Key JWT. https://auth0.com/docs/secure/application-credentials#client-secret-authentication

To improve your security posture, we recommend using the Private Key JWT authentication method.

The default authentication for Auth0 is client secret. The strategy provided by omniauth-auth0 only supports client secret. It does not provide an option to use private key JWT or a separate strategy using private key JWT. Is there a reason private key JWT should not be used here?

Describe the ideal solution

Allow the OmniAuth::Strategies::Auth0 to be configured for client secret or private key JWT. Using private key JWT should not require providing a client secret.

Alternatives and current workarounds

Using OmniAuth::Strategies::Auth0, create a new strategy that only supports private key JWT. A few changes are required to get authentication working.

Subclassing OmniAuth::Strategies::Auth0 and overriding methods as needed was considered. The telemetry set by build_access_token is one obstacle. It would indicate the omniauth-auth0 gem was used, which is not entirely accurate with an override.

Additional context

No response
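For readers unfamiliar with what the requested option would change, the following is an added example (not code from the omniauth-auth0 gem or from the issue author) of the private_key_jwt exchange the issue asks for: the client signs a short-lived assertion with its own RSA key and sends it in place of a client_secret, and the authorization server verifies it against the registered public key. It uses only the Ruby standard library; the tenant domain and client_id are constructed placeholders.

```ruby
require 'openssl'
require 'json'
require 'base64'
require 'securerandom'

# Placeholders (constructed for this example, not real tenant/client values).
AUTH0_DOMAIN = 'example-tenant.auth0.com'
CLIENT_ID    = 'client_id_placeholder'
TOKEN_ENDPOINT = "https://#{AUTH0_DOMAIN}/oauth/token"

def b64url(bytes)
  Base64.urlsafe_encode64(bytes, padding: false)
end

# Client side: sign a short-lived assertion with the application's private key.
# Claims per RFC 7523 as Auth0 expects them: iss = sub = client_id, aud = the
# token endpoint, a unique jti, and a short exp. Returns [assertion, claims].
def build_client_assertion(private_key, now: Time.now.to_i, ttl: 60)
  header = { alg: 'RS256', typ: 'JWT' }
  claims = { iss: CLIENT_ID, sub: CLIENT_ID, aud: TOKEN_ENDPOINT,
             jti: SecureRandom.uuid, iat: now, exp: now + ttl }
  input = "#{b64url(JSON.generate(header))}.#{b64url(JSON.generate(claims))}"
  sig = private_key.sign(OpenSSL::Digest.new('SHA256'), input)
  ["#{input}.#{b64url(sig)}", claims]
end

# Form body a strategy would POST to /oauth/token: there is no client_secret
# at all, which is the point of this issue.
def token_request_params(assertion, code:, redirect_uri:)
  { grant_type: 'authorization_code', code: code, redirect_uri: redirect_uri,
    client_assertion_type: 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer',
    client_assertion: assertion }
end

# Server side (what the authorization server does with the registered public
# key): pin the algorithm, verify the signature, then check every claim.
def verify_client_assertion(assertion, public_key, now: Time.now.to_i)
  h, p, s = assertion.split('.')
  return false unless h && p && s
  return false unless JSON.parse(Base64.urlsafe_decode64(h))['alg'] == 'RS256'
  digest = OpenSSL::Digest.new('SHA256')
  return false unless public_key.verify(digest, Base64.urlsafe_decode64(s), "#{h}.#{p}")
  c = JSON.parse(Base64.urlsafe_decode64(p))
  c['iss'] == CLIENT_ID && c['sub'] == CLIENT_ID && c['aud'] == TOKEN_ENDPOINT &&
    c['exp'].is_a?(Integer) && c['exp'] > now
end
```

The private key never leaves the client and the server stores only the public half, so a leaked server-side credential store does not yield a reusable client credential the way a copied client_secret does.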
