We have many configuration examples that use light-oauth2 or kafka-oauth as the OAuth 2.0 provider. One of our customers uses Okta cloud for hundreds of services, and from that work we have learned a lot about the configuration variations across the different light-4j products. This tutorial shows how to use the Okta cloud OAuth 2.0 provider to secure a light-4j service.
Single Okta JWK
This is the setup for a light-4j service or the http-sidecar that verifies incoming JWT tokens by downloading the JWK set from a single Okta authorization server in the cloud. I am assuming you are building a REST API with the light-rest-4j framework.
To use the JwtVerifyHandler, register it in the handlers section of handler.yml and add its alias to the default chain. It must come after the OpenApiHandler (the specification alias), because scope verification needs the matched OpenAPI operation that the specification handler attaches to the exchange.
In the openapi-security.yml section of values.yml, enable JWT verification (enableVerifyJwt) and scope verification against the specification (enableVerifyScope). To load the JWK set during server startup, set bootstrapFromKeyService to true. Also change the keyResolver to JsonWebKeySet so that signing keys are resolved by kid from the downloaded JWK set instead of from bundled X509 certificates.
In the client.yml section, define tokenKeyServerUrl and tokenKeyUri so that the server knows where to download the JWK set from Okta.
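The three steps above assembled into the relevant files, as an added example rather than a configuration copied from the tutorial or from a light-4j project. The Okta host is a placeholder for your own org; the /oauth2/default/v1/keys path is the documented JWKS endpoint of Okta's default authorization server, and the handler list is a trimmed light-rest-4j chain that only shows the ordering that matters here.

```yaml
# handler.yml (light-rest-4j service or http-sidecar)
# Register JwtVerifyHandler under the alias "security" and place it in the
# default chain after "specification": scope verification reads the matched
# OpenAPI operation that OpenApiHandler attaches to the exchange.
handlers:
  - com.networknt.exception.ExceptionHandler@exception
  - com.networknt.correlation.CorrelationHandler@correlation
  - com.networknt.openapi.OpenApiHandler@specification
  - com.networknt.openapi.JwtVerifyHandler@security
  - com.networknt.body.BodyHandler@body
  - com.networknt.openapi.ValidatorHandler@validator
chains:
  default:
    - exception
    - correlation
    - specification
    - security
    - body
    - validator
---
# values.yml
# openapi-security.yml overrides: verify the signature and the scopes, download
# the JWK set at startup, and resolve signing keys by kid from that set rather
# than from X509 certificates packaged with the service.
openapi-security.enableVerifyJwt: true
openapi-security.enableVerifyScope: true
openapi-security.bootstrapFromKeyService: true
openapi-security.keyResolver: JsonWebKeySet

# client.yml overrides: where the JWK set is downloaded from.
# your-org.okta.com is a placeholder (assumption) for your Okta domain.
# /oauth2/default/v1/keys is the JWKS path of Okta's default authorization
# server; a custom authorization server uses /oauth2/<authServerId>/v1/keys.
client.tokenKeyServerUrl: https://your-org.okta.com
client.tokenKeyUri: /oauth2/default/v1/keys
```

Before deploying, fetch the JWKS URL with curl from the host that will run the service and confirm it returns a keys array whose kid values match the kid header of a token issued by that authorization server. Use the default or a custom Okta authorization server for the access tokens: access tokens minted by the Okta org authorization server are not intended to be validated locally against the JWKS, so the verifier would reject them.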