We have a multi-tenant application. Every tenant of our application authenticates using oauth2 against a different OIDC RP. It would be nice if Micronaut security natively supported this case for oauth2 authentication. Every tenant should be able to resolve their own `OpenIdClient`/`OauthClient`, `OpenIdProviderMetadata` and all related tenant-specific configuration/beans.
Our custom implementation got a bit awkward after `micronaut-security:4.8.0` introduced `ReactiveJsonWebTokenSignatureValidator<SignedJWT>`, which is supposed to validate the JWT token. The problem is that corresponding openid metadata (with matching JWKS URI to be used for a given tenant) is not being passed down to the `validateSignature` method. They have to be inferred from the context instead.