GetWellKnownEndpointsFromIssuerURL in internal/oidc/oidc.go should probably check the HTTP response code before trying to de-serialize a response body #308

@mdlam92

Checklist

  • I have looked into the README and have not found a suitable solution or answer.
  • I have looked into the documentation and have not found a suitable solution or answer.
  • I have searched the issues and have not found a suitable solution or answer.
  • I have upgraded to the latest version of this SDK and the issue still persists.
  • I have searched the Auth0 Community forums and have not found a suitable solution or answer.
  • I agree to the terms within the Auth0 Code of Conduct.

Description

If you've constructed your validator's issuer URL incorrectly and it tries to find your provider's openid-configuration at a bad location, a 404 makes its way to the JSON deserialize call and a really unhelpful error message bubbles its way up.

Reproduction

  1. given a bad issuer URL in validator.New
  2. when GetWellKnownEndpointsFromIssuerURL is eventually called
  3. then an unhelpful error is bubbled up because GetWellKnownEndpointsFromIssuerURL doesn't check the HTTP response code

Go JWT Middleware version

2.2.2

Go version

1.23.4

Labels: bug (This issue reports a suspect bug or issue with the SDK itself)