Micronaut security with OKTA - OAUTH 2.0


I have a Micronaut REST endpoint which is secured by @Secured(SecurityRule.IS_AUTHENTICATED):

@Secured(SecurityRule.IS_AUTHENTICATED)
@Controller("/product")
@Secured({"Admin"})
public record ProductController(IProducer iProducer) {
    @Get(uri = "/{text}")
    public Single<String> get(String text){
        return iProducer.sendText(text);
    }
}

I am using Validation with remote JWKS: https://micronaut-projects.github.io/micronaut-security/latest/guide/#jwks

Application.yml

micronaut:
  security:
    enabled: true
    token:
      jwt:
        enabled: true
        signatures:
          jwks:
            okta:
              url: 'https://xxx-xxxxxx.okta.com/oauth2/default/v1/keys'

Decoded JWT

{
  "jti": "AT.Y4r-Hu9ss5FXJRomosJlJRSGSsv4vscLeGI5seM2BJA",
  "iss": "https://dev-6271510.okta.com/oauth2/default",
  "aud": "api://default",
  "iat": 1608187083,
  "exp": 1608190683,
  "cid": "0oa2lezagQ4wrRUnW5d6",
  "uid": "00u2kavl6tQtJ7NNj5d6",
  "scp": [
    "openid"
  ],
  "sub": "[email protected]",
  "Admin": "[email protected]"
}

Questions

  1. Since I am using Validation with remote JWKS, is this the only way to validate the OKTA JWT token? How can I validate the OKTA JWT without remote JWKS?
  2. In the token I have a claim ADMIN; how can I secure my controller route with the ADMIN claim? I tried @Secured({"Admin"}) and it gives me 403 forbidden.
  3. Is there a way to create a security requirement and a handler for the requirement?
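On questions 2 and 3: `@Secured({"Admin"})` is compared against role values read from the claim named by `micronaut.security.token.roles-name` (default `roles`), and the decoded token above has no such claim, only a claim whose name is `Admin`. The following is an added example, not code from the original post or from the Micronaut project: a custom `SecurityRule` that acts as a requirement and its handler by demanding that a named claim be present. `ClaimRule` and `RequiresClaim` are hypothetical names, and the `check` signature shown is the Micronaut Security 2.x one (it differs in later major versions).

```java
// Added example. Assumes Micronaut Security 2.x; ClaimRule and RequiresClaim are hypothetical names.
import io.micronaut.http.HttpRequest;
import io.micronaut.security.rules.SecuredAnnotationRule;
import io.micronaut.security.rules.SecurityRule;
import io.micronaut.security.rules.SecurityRuleResult;
import io.micronaut.web.router.MethodBasedRouteMatch;
import io.micronaut.web.router.RouteMatch;

import javax.inject.Singleton;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import java.util.Map;
import java.util.Optional;

@Singleton
public class ClaimRule implements SecurityRule {

    /** The "requirement": names a claim the validated token must carry. */
    @Retention(RetentionPolicy.RUNTIME)
    @Target({ElementType.TYPE, ElementType.METHOD})
    public @interface RequiresClaim {
        String value();
    }

    /** The "handler": called with the claims of a token whose signature already passed JWKS validation. */
    @Override
    public SecurityRuleResult check(HttpRequest<?> request,
                                    RouteMatch<?> routeMatch,
                                    Map<String, Object> claims) {
        if (!(routeMatch instanceof MethodBasedRouteMatch)) {
            return SecurityRuleResult.UNKNOWN;
        }
        Optional<String> required =
                ((MethodBasedRouteMatch<?, ?>) routeMatch).stringValue(RequiresClaim.class);
        if (!required.isPresent()) {
            return SecurityRuleResult.UNKNOWN; // route not annotated: defer to the other rules
        }
        // claims is null for an unauthenticated request. This is a presence check only:
        // the claim's value (an e-mail address in the token above) is not inspected.
        boolean present = claims != null && claims.get(required.get()) != null;
        return present ? SecurityRuleResult.ALLOWED : SecurityRuleResult.REJECTED;
    }

    @Override
    public int getOrder() {
        return SecuredAnnotationRule.ORDER - 100; // evaluate before the @Secured rule
    }
}
```

With this bean on the classpath, annotating the controller or method with `@ClaimRule.RequiresClaim("Admin")` in place of `@Secured({"Admin"})` rejects tokens that lack the `Admin` claim.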