Fixed issuer when site and api are diff domains (#10806)

no-issue

The issuer value is used through the members code base as the identifier
for the members api. The existing code did not take into account that
the domain/url for the site could be different than for the admin (and
the apis).

core/server/services/auth/members/index.js

@@ -18,11 +18,11 @@ module.exports = {
             const {protocol, host} = url.parse(config.get('url'));
             const siteOrigin = `${protocol}//${host}`;
 
-            UNO_MEMBERINO = jwt({
+            UNO_MEMBERINO = membersService.getPublicConfig().then(({issuer}) => jwt({
                 credentialsRequired: false,
                 requestProperty: 'member',
                 audience: siteOrigin,
-                issuer: siteOrigin,
+                issuer,
                 algorithm: 'RS512',
                 secret(req, payload, done) {
                     membersService.getPublicConfig().then(({publicKey}) => {
@@ -42,8 +42,10 @@ module.exports = {
 
                     return credentials;
                 }
-            });
+            }));
         }
-        return UNO_MEMBERINO;
+        return function (req, res, next) {
+            UNO_MEMBERINO.then(fn => fn(req, res, next)).catch(next);
+        };
     }
 };

core/server/services/members/api.js

@@ -116,16 +116,8 @@ const siteOrigin = doBlock(() => {
     return `${protocol}//${host}`;
 });
 
-const getApiUrl = ({version, type}) => {
+const contentApiUrl = urlUtils.urlFor('api', {version: 'v2', type: 'content'}, true);
-    const {href} = new url.URL(
+const membersApiUrl = urlUtils.urlFor('api', {version: 'v2', type: 'members'}, true);
-        urlUtils.getApiPath({version, type}),
-        siteUrl
-    );
-    return href;
-};
-
-const contentApiUrl = getApiUrl({version: 'v2', type: 'content'});
-const membersApiUrl = getApiUrl({version: 'v2', type: 'members'});
 
 const accessControl = {
     [siteOrigin]: {