I have a Micronaut rest endpoint which is secured by @Secured(SecurityRule.IS_AUTHENTICATED)
@Secured(SecurityRule.IS_AUTHENTICATED)
@Controller("/product")
@Secured({"Admin"})
public record ProductController(IProducer iProducer) {
@Get(uri = "/{text}")
public Single<String> get(String text){
return iProducer.sendText(text);
}
}
I am using the Validation with remote JWKS
https://micronaut-projects.github.io/micronaut-security/latest/guide/#jwks
Application.yml
micronaut:
security:
enabled: true
token:
jwt:
enabled: true
signatures:
jwks:
okta:
url: 'https://xxx-xxxxxx.okta.com/oauth2/default/v1/keys'
Decode JWT
{
"jti": "AT.Y4r-Hu9ss5FXJRomosJlJRSGSsv4vscLeGI5seM2BJA",
"iss": "https://dev-6271510.okta.com/oauth2/default",
"aud": "api://default",
"iat": 1608187083,
"exp": 1608190683,
"cid": "0oa2lezagQ4wrRUnW5d6",
"uid": "00u2kavl6tQtJ7NNj5d6",
"scp": [
"openid"
],
"sub": "[email protected]",
"Admin": "[email protected]"
}
Questions
- Since I am using Validation with remote JWKS, is this is the only way to validate the OKTA JWT token. How can I validate the OKTA JWT without remote JWKS.
- In the token I have a claim ADMIN, how can I secure my controller route with ADMIN claim.I tried
@Secured({"Admin"})
it give me 403 forbidden - Is there a way to create security requirement and handler for the requirement