add global jwt_issuer_format option (#5508)

Add a corresponding global setting for the existing route-level
jwt_issuer_format option. The route-level option will take precedence
when set to a non-empty string.

authorize/internal/store/store.go

@@ -33,6 +33,7 @@ type Store struct {
 	googleCloudServerlessAuthenticationServiceAccount atomic.Pointer[string]
 	jwtClaimHeaders                                   atomic.Pointer[map[string]string]
 	jwtGroupsFilter                                   atomic.Pointer[config.JWTGroupsFilter]
+	defaultJWTIssuerFormat                            atomic.Pointer[config.JWTIssuerFormat]
 	signingKey                                        atomic.Pointer[jose.JSONWebKey]
 }
 
@@ -66,6 +67,13 @@ func (s *Store) GetJWTGroupsFilter() config.JWTGroupsFilter {
 	return config.JWTGroupsFilter{}
 }
 
+func (s *Store) GetDefaultJWTIssuerFormat() config.JWTIssuerFormat {
+	if f := s.defaultJWTIssuerFormat.Load(); f != nil {
+		return *f
+	}
+	return ""
+}
+
 func (s *Store) GetSigningKey() *jose.JSONWebKey {
 	return s.signingKey.Load()
 }
@@ -89,6 +97,12 @@ func (s *Store) UpdateJWTGroupsFilter(groups config.JWTGroupsFilter) {
 	s.jwtGroupsFilter.Store(&groups)
 }
 
+// UpdateDefaultJWTIssuerFormat updates the JWT groups filter in the store.
+func (s *Store) UpdateDefaultJWTIssuerFormat(format config.JWTIssuerFormat) {
+	// This isn't used by the Rego code, so we don't need to write it to the opastorage.Store instance.
+	s.defaultJWTIssuerFormat.Store(&format)
+}
+
 // UpdateRoutePolicies updates the route policies in the store.
 func (s *Store) UpdateRoutePolicies(routePolicies []*config.Policy) {
 	s.write("/route_policies", routePolicies)