How do I use multiple 'JWK Set Uri' values in the same Spring Boot app?
With spring boot this is not possible to do out of the box right now. Spring Security 5.3 provides functionality to do this (spring boot 2.2.6 still doesn't support spring security 5.3). Please see following issues:
https://github.com/spring-projects/spring-security/issues/7857
https://github.com/spring-projects/spring-security/pull/7887
It is possible to do manual configuration of resource server to use multiple identity providers, by following links that i have provided. Provided links are mainly for spring boot webflux development. For basic spring boot web development please see this video:
https://www.youtube.com/watch?v=ke13w8nab-k
This is possible as of Spring security 5.3+ using the JwtIssuerAuthenticationManagerResolver object
Override the configure(HttpSecurity http)
inside your configuration class which extends WebSecurityConfigurerAdapter
JwtIssuerAuthenticationManagerResolver authenticationManagerResolver = new JwtIssuerAuthenticationManagerResolver(
"http://localhost:8080/auth/realms/SpringBootKeyClock",
"https://accounts.google.com/o/oauth2/auth",
"https://<subdomain>.okta.com/oauth2/default"
);
http.cors()
.and()
.authorizeRequests()
.antMatchers(HttpMethod.GET, "/user/info", "/api/foos/**")
.hasAnyAuthority("SCOPE_email")
.antMatchers(HttpMethod.POST, "/api/foos")
.hasAuthority("SCOPE_profile")
.anyRequest()
.authenticated()
.and()
.oauth2ResourceServer(oauth2 -> oauth2.authenticationManagerResolver(authenticationManagerResolver));