feat: Feat magic link (#279)

* licensemanager issuer

* Refactor ParseApiToken to validate issuer.

Updated the ParseApiToken method to include an expectedIssuer parameter and validate the token's issuer against it. Adjusted corresponding method calls to supply the correct issuer value for improved security and consistency.

* removed expected issuer

Author: Shivam-nagar23

authenticator/middleware/sessionmanager.go

@@ -47,6 +47,8 @@ const (
 	// ApiTokenClaimIssuer is the issuer who generated api-token for APIs
 	ApiTokenClaimIssuer = "apiTokenIssuer"
 
+	LicenseManagerClaimIssuer = "licenseManagerIssuer"
+
 	// invalidLoginError, for security purposes, doesn't say whether the username or password was invalid.  This does not mitigate the potential for timing attacks to determine which is which.
 	invalidLoginError         = "Invalid username or password"
 	blankPasswordError        = "Blank passwords are not allowed"
@@ -221,6 +223,8 @@ func (mgr *SessionManager) VerifyToken(tokenString string) (jwt.Claims, error) {
 		return mgr.Parse(tokenString)
 	case ApiTokenClaimIssuer:
 		return mgr.ParseApiToken(tokenString)
+	case LicenseManagerClaimIssuer:
+		return mgr.ParseApiToken(tokenString)
 	default:
 		// IDP signed token
 		prov, err := mgr.provider()