feat: add multiple provider support (#3089)

* Remove `crewai signup` command, update docs

* Add `Settings.clear()` and clear settings before each login

* Add pyjwt

* Remove print statement from ToolCommand.login()

* Remove auth0 dependency

* Update docs

src/crewai/cli/authentication/utils.py

@@ -1,32 +1,63 @@
 import json
 import os
 import sys
-from datetime import datetime, timedelta
+from datetime import datetime
 from pathlib import Path
 from typing import Optional
-
-from auth0.authentication.token_verifier import (
-    AsymmetricSignatureVerifier,
-    TokenVerifier,
-)
+import jwt
+from jwt import PyJWKClient
 from cryptography.fernet import Fernet
 
-from .constants import AUTH0_CLIENT_ID, AUTH0_DOMAIN
 
-
-def validate_token(id_token: str) -> None:
+def validate_jwt_token(
+    jwt_token: str, jwks_url: str, issuer: str, audience: str
+) -> dict:
     """
-    Verify the token and its precedence
-
-    :param id_token:
+    Verify the token's signature and claims using PyJWT.
+    :param jwt_token: The JWT (JWS) string to validate.
+    :param jwks_url: The URL of the JWKS endpoint.
+    :param issuer: The expected issuer of the token.
+    :param audience: The expected audience of the token.
+    :return: The decoded token.
+    :raises Exception: If the token is invalid for any reason (e.g., signature mismatch,
+                       expired, incorrect issuer/audience, JWKS fetching error,
+                       missing required claims).
     """
-    jwks_url = f"https://{AUTH0_DOMAIN}/.well-known/jwks.json"
-    issuer = f"https://{AUTH0_DOMAIN}/"
-    signature_verifier = AsymmetricSignatureVerifier(jwks_url)
-    token_verifier = TokenVerifier(
-        signature_verifier=signature_verifier, issuer=issuer, audience=AUTH0_CLIENT_ID
-    )
-    token_verifier.verify(id_token)
+
+    decoded_token = None
+
+    try:
+        jwk_client = PyJWKClient(jwks_url)
+        signing_key = jwk_client.get_signing_key_from_jwt(jwt_token)
+
+        decoded_token = jwt.decode(
+            jwt_token,
+            signing_key.key,
+            algorithms=["RS256"],
+            audience=audience,
+            issuer=issuer,
+            options={
+                "verify_signature": True,
+                "verify_exp": True,
+                "verify_nbf": True,
+                "verify_iat": True,
+                "require": ["exp", "iat", "iss", "aud", "sub"],
+            },
+        )
+        return decoded_token
+
+    except jwt.ExpiredSignatureError:
+        raise Exception("Token has expired.")
+    except jwt.InvalidAudienceError:
+        raise Exception(f"Invalid token audience. Expected: '{audience}'")
+    except jwt.InvalidIssuerError:
+        raise Exception(f"Invalid token issuer. Expected: '{issuer}'")
+    except jwt.MissingRequiredClaimError as e:
+        raise Exception(f"Token is missing required claims: {str(e)}")
+    except jwt.exceptions.PyJWKClientError as e:
+        raise Exception(f"JWKS or key processing error: {str(e)}")
+    except jwt.InvalidTokenError as e:
+        raise Exception(f"Invalid token: {str(e)}")
 
 
 class TokenManager:
@@ -56,14 +87,14 @@ class TokenManager:
         self.save_secure_file(key_filename, new_key)
         return new_key
 
-    def save_tokens(self, access_token: str, expires_in: int) -> None:
+    def save_tokens(self, access_token: str, expires_at: int) -> None:
         """
         Save the access token and its expiration time.
 
         :param access_token: The access token to save.
-        :param expires_in: The expiration time of the access token in seconds.
+        :param expires_at: The UNIX timestamp of the expiration time.
         """
-        expiration_time = datetime.now() + timedelta(seconds=expires_in)
+        expiration_time = datetime.fromtimestamp(expires_at)
         data = {
             "access_token": access_token,
             "expiration": expiration_time.isoformat(),