Validate token with tenant domain in case of custom domain

When a token is issued, the token issuer is validated against the domain within the configuration.
However, when a custom domain is provided within the SDK configuration, the issuer is validated against the custom domain.

This fix will, in case of custom domain set in SDK configuration, validates the custom domain at first against the issuer within the token.
Whenever this fails, fallback to the tenant domain set in the SDK Configuration.

Use case:
- A tenant domain is set
- A custom domain is set

All auth0 requests (e.g. token and validation) are sent to custom domain.
In certain situations, the custom domain acts as a proxy that actually does some extended validation on the client request and redirects the requests to the actual tenant domain.
Therefor, the tenant domain is the origin issuer of the token, while the requests are proxied through the custom domain.

src/Token.php

@@ -254,6 +254,7 @@ public function validate(
         ?int $tokenLeeway = null,
         ?int $tokenNow = null,
     ): self {
+        $tenantDomain = $this->configuration->formatDomain(true) . "/";
         $tokenIssuer ??= $this->configuration->formatDomain() . '/';
         $tokenAudience ??= $this->configuration->getAudience() ?? [];
         $tokenOrganization ??= $this->configuration->getOrganization() ?? null;
@@ -275,8 +276,16 @@ public function validate(
             }
         }
 
+        try {
+            $validator->issuer($tokenIssuer);
+        } catch (InvalidTokenException $invalidTokenException) {
+            if($tenantDomain !== $tokenIssuer) {
+                $validator->issuer($tenantDomain);
+            }
+            throw $invalidTokenException;
+        }
+
         $validator
-            ->issuer($tokenIssuer)
             ->audience($tokenAudience)
             ->expiration($tokenLeeway, $tokenNow);