junobuild · peterpeterparker · Jan 30, 2026 · Jan 30, 2026 · Jan 30, 2026
diff --git a/src/libs/auth/src/openid/impls.rs b/src/libs/auth/src/openid/impls.rs
@@ -1,4 +1,5 @@
 use crate::openid::jwt::types::cert::Jwks;
+use crate::openid::jwt::types::provider::JwtIssuers;
 use crate::openid::types::provider::{OpenIdCertificate, OpenIdDelegationProvider, OpenIdProvider};
 use junobuild_shared::data::version::next_version;
 use junobuild_shared::ic::api::time;
@@ -48,6 +49,12 @@ impl OpenIdDelegationProvider {
     }
 }
 
+impl JwtIssuers for OpenIdDelegationProvider {
+    fn issuers(&self) -> &[&'static str] {
+        self.issuers()
+    }
+}
+
 impl Versioned for OpenIdCertificate {
     fn version(&self) -> Option<Version> {
         self.version

diff --git a/src/libs/auth/src/openid/jwt/provider.rs b/src/libs/auth/src/openid/jwt/provider.rs
@@ -1,16 +1,19 @@
 use crate::openid::jwt::header::decode_jwt_header;
 use crate::openid::jwt::types::errors::JwtFindProviderError;
+use crate::openid::jwt::types::provider::JwtIssuers;
 use crate::openid::jwt::types::token::UnsafeClaims;
-use crate::openid::types::provider::OpenIdDelegationProvider;
-use crate::state::types::config::{OpenIdAuthProviderConfig, OpenIdAuthProviders};
 use jsonwebtoken::dangerous;
+use std::collections::BTreeMap;
 
 /// ⚠️ **Warning:** This function decodes the JWT payload *without verifying its signature*.
 /// Use only to inspect claims (e.g., `iss`) before performing a verified decode.
-pub fn unsafe_find_jwt_provider<'a>(
-    providers: &'a OpenIdAuthProviders,
+pub fn unsafe_find_jwt_provider<'a, Provider, Config>(
+    providers: &'a BTreeMap<Provider, Config>,
     jwt: &str,
-) -> Result<(OpenIdDelegationProvider, &'a OpenIdAuthProviderConfig), JwtFindProviderError> {
+) -> Result<(Provider, &'a Config), JwtFindProviderError>
+where
+    Provider: Clone + JwtIssuers,
+{
     // 1) Header sanity check
     decode_jwt_header(jwt).map_err(JwtFindProviderError::from)?;
 

diff --git a/src/libs/auth/src/openid/jwt/types.rs b/src/libs/auth/src/openid/jwt/types.rs
@@ -176,3 +176,9 @@ pub(crate) mod errors {
         BadClaim(String),
     }
 }
+
+pub mod provider {
+    pub trait JwtIssuers {
+        fn issuers(&self) -> &[&'static str];
+    }
+}