Support multiple authorized parties in token validation

[mscc-sascha]

Description

Even when AuthorizedParty could be set to null or String.Empty, token validation always failed if multiple domains need to be supported as an authorized party.

Changes:

• Support multiple authorized parties by implementing AuthorizedParties in ClerkAuthenticationOptions as an Array of Strings
• Validate the if the claim value azp matches one of the supported authorized party

Sample

appsettings.json:

{
  "ClerkAuth": {
      "CLERK_JWT_AUDIENCE": ["http://localhost:5173", "http://api.dev.sample.com"], // <-- Add an array here
      "CLERK_JWT_ISSUER": "<your-clerk-issuer>",
      "CLERK_JWT_PUBLIC_KEY": "<your-public-key>",
      "CLERK_API_KEY": "<your-api-key>"
    }
}

// Adding Authentication
builder.Services.AddAuthentication(ClerkAuthenticationDefaults.AuthenticationScheme)
    .AddClerkAuthentication(x =>
    {
        x.Authority = builder.Configuration["ClerkAuth:CLERK_JWT_ISSUER"];
        x.AuthorizedParties = builder.Configuration.GetSection("ClerkAuth:CLERK_JWT_AUDIENCE").Get<List<string>>();
    });

[Hawxy]

This is a breaking change, could you obsolete the original rather than removing it entirely?

[mscc-sascha]

@Hawxy good catch, implemented the change!