fix: make issuer url validation follow the same check rules as the domain url validator

Open thfsilvab opened this issue 6 months ago • 0 comments

Changes

This change makes the URL validation on getTokenIssuer at util.ts follow the same protocol validation rules as the function getDomain in the same file. I propose this change because, in case this library is used with other OAuth providers, the issuer claim might have its protocol as http instead of https, resulting in this function prepending https to an already well-formed URL.

This is a problem that is actually impacting one of my applications in a development environment. The fix doesn't disrupt the current functionality but reuses the validation that already exists for the domain URL. There are no UI changes, nor public API changes, only a change to one internal function.

A similar problem has been reported here before: https://community.auth0.com/t/invalid-id-token-issuer-iss-claim-mismatch-in-the-id-token/107904

If approved, I'd appreciate it if this change could go in a patch release :)

References

Testing

  • [x] This change adds unit test coverage
  • [ ] This change adds integration test coverage
  • [x] This change has been tested on the latest version of the platform/language

Checklist

thfsilvab, Aug 08 '24 20:08
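
The mismatch described in this pull request, as an added TypeScript example that is not code from the PR or from auth0-spa-js. The function names and sample URLs are constructed for illustration, and the `iss` claim is assumed to be compared as an exact string against the normalized issuer.

```typescript
// Added illustration. All names here are hypothetical, not library source.

// Rule the PR describes for the domain URL: keep an existing http:// or
// https:// scheme, otherwise default to https://.
function normalizeLikeDomain(url: string): string {
  return /^https?:\/\//.test(url) ? url : 'https://' + url;
}

// Behaviour the PR reports for the issuer: anything that does not already
// start with https:// gets the prefix, including a well-formed http:// URL.
function normalizeHttpsOnly(url: string): string {
  return /^https:\/\//.test(url) ? url : 'https://' + url;
}

// Assumption: the ID token's iss claim must equal the expected issuer exactly.
// A normalizer that rewrites a valid URL therefore makes validation fail.
function issMatches(
  issClaim: string,
  configuredIssuer: string,
  normalize: (u: string) => string
): boolean {
  return issClaim === normalize(configuredIssuer);
}

// Constructed sample values: a development provider reachable over http,
// a bare host name, and a production-style https issuer.
const devIssuer = 'http://localhost:8080/realms/dev';
const bareHost = 'tenant.example.com';
const prodIssuer = 'https://login.example.com/';

// Summarize how each rule treats each configured value.
function compareRules(configured: string) {
  return {
    configured: configured,
    httpsOnly: normalizeHttpsOnly(configured),
    likeDomain: normalizeLikeDomain(configured),
  };
}

const comparison = [devIssuer, bareHost, prodIssuer].map(compareRules);
```

Only the `http://` case differs between the two rules; bare host names still default to `https://`, so accepting an explicit `http://` issuer does not downgrade configurations that never specified a scheme.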