ClientAssertionGenerator has a static expiry of 180 seconds.

[danrossi]

Checklist

• This can be reproduced in the quickstart sample application.
• I have reviewed the README.md and have not found a solution.
• I have reviewed the EXAMPLES.md and have not found a solution.
• I have searched previous issues and have not found a solution.
• I have searched the Auth0 Community and have not found a solution.
• I agree to adhere to the Auth0 General Contribution Guidelines.
• I agree to uphold the Auth0 Code of Conduct.

SDK Version

8.7

PHP Version

PHP 8.2

Description

I'm trying to mock up using the api to generate RS tokens to be validated from a java backend using auth0 java library. I have a backend I need to show php examples how to generate tokens. However it can't be done from the main api, the method has to be used directly. Most of it is tied to verification and http requests rather than just uncoupled token generation. The sample app doesn't generate api tokens just verifies.

The java library is much more concise generating tokens than the php one.

I found this method has a static expiry so can't be used. So the internal Generate api needs to be used and all that code duplicated and made external. Expiry needs to be a configuration perhaps ?

How can we reproduce this issue?

auth0-PHP/src/Token/ClientAssertionGenerator.php

Line 56 in cc7abb9

'exp' => $now + 180,

[evansims]

Hi @danrossi 👋

The ClientAssertionGenerator is only intended for generating JSON Web Token Client Assertions, otherwise known as "private key JWTs." https://auth0.com/docs/get-started/authentication-and-authorization-flow/authenticate-with-private-key-jwt The SDK uses it internally when a clientAssertionSigningKey is configured.

It sounds like you might be looking for more of a general-purpose token generator of some kind, if I understand. The SDK includes the Auth0\SDK\Token\Generator class, which might be more useful here — but if you could please clarify your use case a bit for me, I can try to help.