I’m using the Enterprise OpenId Connect plugin to verify access tokens, along with an OIDC provider that supports multiple realms. Each realm is its own issuer, with its own discovery endpoint.
Is there a best practice for allowing authenticated requests from multiple issuers? AFAICT, the plugin only allows one issuer and only one instance of the plugin will run for a request. The only solution I can think of is to have multiple routes each with their own plugin config.