Add app_metadata property to the token.

[yageek]

Update the instanciation of the inputs according to the documentation.
Add the possibility to create app_metadata within the token.

[LordZardeck]

@yageek Sorry, somehow missed the notification for your PR, i'll check this out today.

[LordZardeck]

@yageek Looking at an extension from luckymarmot itself, it appears there is usage of both types of input. Is there documentation for both? https://github.com/luckymarmot/Paw-JsonWebTokenDynamicValue/blob/master/src/JsonWebTokenDynamicValue.js#L10

[LordZardeck]

@yageek I'm not seeing where the change happened, and I don't know what the difference is between DynamicValueInput and InputField. Can you elaborate and provide links to documentation?

[yageek]

The original purpose of the PR was to be able to provide fake value for the app_metadata value of the JWT. The documentation is hosted here: https://paw.cloud/docs/extensions/input-fields

[LordZardeck]

@yageek Yeah, i see that documentation, i guess what concerns me is there any functionality changes that could be breaking between the two input types. I'll have to go through the changelogs and see if they say anything about it. Also, are you sure app_metadata is the correct name? Didn't Auth0 change that in their new API?

[LordZardeck]

@tacomanator Since you've been on a roll contributing to this project, can you verfiy that app_metadata is the correct field matching? If it is, can you resolve the conflicts for this PR?

If they are 2 different things, maybe we should have a selection to choose the appropriate property?

[tacomanator]

To be honest I don't use metadata right now, so not sure how to test. Is the metadata even included in the token? I thought metadata is sent with the signup request, and can be retrieved via the api. What does it have to do with the token?

[LordZardeck]

@tacomanator it's useful when you need data about the user when they login instead of making multiple requests before being able to do anything. By being embedded in the token, any request with that token has that vital information. I imagine though it's a small use case, only if the API you are sending the token to absolutely needs it

[LordZardeck]

@yageek Can you explain the exact use case for this?

[yageek]

I was using the Authorization API that adds elements inside app_metadata about the user privileges. Those elements could be checked server side. You can see an example in the last part of the readme of this project: https://github.com/auth0-community/go-auth0 (Gin section)

[LordZardeck]

Yeah, so this Auth0 documentation states that it used to be metadata but has since changed to app_metadata. I'm okay with only supporting app_metadata as it doesn't break backwards compatibility. @yageek If you resolve the conflicts, and test, i'll merge this in