Closed
Description
Summary
Add resource server support for multiple trusted JWT access token issuers
Actual Behavior
Presently we can configure a resource server's trusted jwt token issuer like:
security.oauth2.resource.jwt.keyUri=...
or
security.oauth2.resource.jwk.keySetUri=...
Expected Behavior
I'd like to suggest supporting something like (switching to yml):
security:
oauth2:
resource:
issuers:
issuer1:
keyUri: ...
issuerClaim: ...
issuer2:
keySetUri: ...
issuer3:
keyValue: ...
Note the optional issuerClaim for verification against the 'iss' claim, optionally.