fix(cloud): Disable audiance validation for PAT, changed issues

cloud/src/Signal.Api.Common/Auth/Auth0Authenticator.cs

@@ -42,14 +42,16 @@ public Auth0Authenticator(string auth0Domain, IEnumerable<string> audiences, boo
         string token,
         CancellationToken cancellationToken = default)
     {
-        if (this.handler.ReadJwtToken(token).Issuer == "signalcopat") // Same as in PatService (where PAT is created)
+        if (this.handler.ReadJwtToken(token).Issuer == "https://api.signalco.io/") // Same as in PatService (where PAT is created)
         {
             // TODO: Optimize by caching these parameters (not changing)
             var patParameters = new TokenValidationParameters
             {
                 ValidateIssuerSigningKey = true,
                 IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(
-                    await this.secretsProvider.GetSecretAsync(SecretKeys.PatSigningToken, cancellationToken)))
+                    await this.secretsProvider.GetSecretAsync(SecretKeys.PatSigningToken, cancellationToken))),
+                ValidateAudience = false,
+                ValidIssuer = "https://api.signalco.io/"
             };
             var user = this.handler.ValidateToken(token, patParameters, out var validatedToken);
             return (user, validatedToken);

cloud/src/Signal.Core/Auth/PatService.cs

@@ -15,7 +15,7 @@
 namespace Signal.Core.Auth;
 
 public class PatService(
-    IAzureStorage storage, 
+    IAzureStorage storage,
     IAzureStorageDao dao,
     ISecretsProvider secretsProvider) : IPatService
 {
@@ -25,16 +25,16 @@ public async Task VerifyAsync(string userId, string pat, CancellationToken cance
             throw new ExpectedHttpException(HttpStatusCode.Unauthorized);
     }
 
-    public Task<IEnumerable<IPat>> GetAllAsync(string userId, CancellationToken cancellationToken = default) => 
+    public Task<IEnumerable<IPat>> GetAllAsync(string userId, CancellationToken cancellationToken = default) =>
         dao.PatsAsync(userId, cancellationToken);
 
     public async Task<string> CreateAsync(IPatCreate patCreate, CancellationToken cancellationToken = default)
     {
         var token = await this.JwtTokenAsync(patCreate.UserId, patCreate.Expire, cancellationToken);
         var hash = PatHashSha256(patCreate.UserId, token);
         await storage.PatCreateAsync(
-            patCreate.UserId, 
-            token[^4..], hash, 
+            patCreate.UserId,
+            token[^4..], hash,
             patCreate.Alias,
             patCreate.Expire, cancellationToken);
         return token;
@@ -51,7 +51,7 @@ private async Task<string> JwtTokenAsync(string userId, DateTime? expire, Cancel
         };
         var tokenDescriptor = new SecurityTokenDescriptor
         {
-            Issuer = "signalcopat",
+            Issuer = "https://api.signalco.io/",
             Subject = new ClaimsIdentity(claims),
             Expires = expire,
             SigningCredentials = signingCredentials
@@ -65,7 +65,7 @@ private static string PatHashSha256(string key, string pat)
     {
         var hash = new StringBuilder();
         var crypto = HMACSHA512.HashData(Encoding.UTF8.GetBytes(key), Encoding.UTF8.GetBytes(pat));
-        foreach (var theByte in crypto) 
+        foreach (var theByte in crypto)
             hash.Append(theByte.ToString("x2"));
         return hash.ToString();
     }