
Spring Boot Oauth2 Resource Server Mutual TLS Authenticated JWKS URL

Karanbir Singh
1 min read · Jul 19, 2020


Agenda

Readers who worked through the code in the previous article will have hit the hardest scenario: loading a JWKS (JSON Web Key Set) from a URL that requires mutual TLS authentication.
It was a little tricky at first, but not impossible, thanks to how flexible Spring Boot is.

Technical Notes

  1. Your resource server ships with an auto-configuration that loads the JWKS from the configured endpoint.
  2. That endpoint is supplied through the property
     `spring.security.oauth2.resourceserver.jwt.jwk-set-uri=<BASE>/.well-known/jwks.json`
  3. Internally, that configuration builds a WebClient (reactive in nature) and fetches the JWKS for you.
  4. This is the main area where we can look for an option to hook in.

Solution: override the WebClient and the JwtDecoder

  1. Construct the SslContext from the client keystore (our certificate and key) and the truststore (the CA of the JWKS server).
  2. Create the HttpClient based on that SslContext.
  3. Create the ReactorClientHttpConnector from the HttpClient.
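Putting the three steps above together as an added example (this is not code from the article): a Spring configuration that builds the SslContext, the Reactor Netty HttpClient and the ReactorClientHttpConnector, then hands the resulting WebClient to a NimbusReactiveJwtDecoder so the JWKS fetch runs over mutual TLS. It assumes a WebFlux-based resource server, PKCS12 stores, and the `app.jwks.*` property names, which are invented for this example.

```java
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManagerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.client.reactive.ReactorClientHttpConnector;
import org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder;
import org.springframework.security.oauth2.jwt.ReactiveJwtDecoder;
import org.springframework.web.reactive.function.client.WebClient;
import reactor.netty.http.client.HttpClient;

@Configuration
public class MutualTlsJwkSetConfig {

    // The app.jwks.* property names are assumed for this example; the article defines none.
    @Value("${app.jwks.key-store}") private String keyStorePath;
    @Value("${app.jwks.key-store-password}") private String keyStorePassword;
    @Value("${app.jwks.trust-store}") private String trustStorePath;
    @Value("${app.jwks.trust-store-password}") private String trustStorePassword;
    @Value("${spring.security.oauth2.resourceserver.jwt.jwk-set-uri}") private String jwkSetUri;

    // Declaring our own ReactiveJwtDecoder bean makes the auto-configured decoder back off.
    @Bean
    public ReactiveJwtDecoder jwtDecoder() throws Exception {
        // Step 1: SslContext from our client keystore (certificate + key) and a truststore holding the
        // JWKS server's CA. Keep server verification on: a spoofed JWKS endpoint would feed us attacker keys.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(loadKeyStore(keyStorePath, keyStorePassword), keyStorePassword.toCharArray());
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(loadKeyStore(trustStorePath, trustStorePassword));
        SslContext sslContext = SslContextBuilder.forClient().keyManager(kmf).trustManager(tmf).build();

        // Step 2: Reactor Netty HttpClient that presents the client certificate during the TLS handshake.
        HttpClient httpClient = HttpClient.create().secure(spec -> spec.sslContext(sslContext));

        // Step 3: connector + WebClient handed to the Nimbus decoder, so JWKS fetches and key refreshes use mTLS.
        WebClient webClient = WebClient.builder().clientConnector(new ReactorClientHttpConnector(httpClient)).build();
        return NimbusReactiveJwtDecoder.withJwkSetUri(jwkSetUri).webClient(webClient).build();
    }

    private static KeyStore loadKeyStore(String path, String password) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password.toCharArray());
        }
        return ks;
    }
}
```

For a servlet-based resource server the same idea applies through `NimbusJwtDecoder.withJwkSetUri(uri).restOperations(restTemplate)`, with the RestTemplate built on a request factory that carries the same key and trust material.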
