
Extend JWT authenticator per rule config with global config #255

Closed
piotrmsc opened this issue Sep 18, 2019 · 1 comment
Labels: feat (New feature or request)

piotrmsc commented Sep 18, 2019

Is your feature request related to a problem? Please describe.

Allow users to define the global config for the JWT authenticator on a per-rule level.
Users have to first set up the global config in oathkeeper with JWKS URLs, and only then can they create access rules enabling authentication using the provided keys.
Imagine a flow where a user would like to have JWT authentication against the Google and Facebook IDPs in the same service for 2 different endpoints. It is possible, but it requires the user to interact with the global config first, before creating access rules for the endpoints.

Describe the solution you'd like

The per-rule config will be extended with the global config fields, with a fallback. If the per-rule config does not contain, i.e., jwks_urls, the authenticator looks in the global config for those properties.

This way a user can dynamically register multiple IDPs on services or paths without interacting with the global oathkeeper config.

Describe alternatives you've considered

Additional context

Example rule:

```json
{
  "id": "some-id",
  "upstream": {
    "url": "http://my-backend-service"
  },
  "match": {
    "url": "http://my-app/some-route",
    "methods": [
      "GET"
    ]
  },
  "authenticators": [{
    "handler": "jwt",
    "config": {
      "jwks_urls": [
        "https://my-website.com/.well-known/jwks.json"
      ],
      "scope_strategy": "none",
      "required_scope": ["scope-a", "scope-b"],
      "target_audience": [
        "https://my-service.com/api/users",
        "https://my-service.com/api/devices"
      ],
      "trusted_issuers": ["https://my-issuer.com/"],
      "allowed_algorithms": ["RS256", "RS256"]
    }
  }],
  "authorizer": { "handler": "allow" },
  "mutator": { "handler": "noop" }
}
```

Add any other context or screenshots about the feature request here.

/cc @aeneasr
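To make the requested fallback concrete, here is an added Go example. It is not oathkeeper's own code: the `JWTConfig` struct, the `pickList`/`pickString` helpers, `ParseRuleJWTConfig`, `ResolveJWTConfig` and the constructed `sampleRule` document are all assumptions written for this illustration. It extracts the jwt authenticator's per-rule config from a rule shaped like the one above, overlays it field by field on a global config (a field set on the rule wins, an empty one falls back to the global value), and goes one step beyond the issue text by validating the merged result: a rule that would end up with no JWKS URL, no allowed algorithm, or the `none` algorithm is rejected so that a misconfigured rule fails closed instead of accepting tokens.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// JWTConfig holds the fields the issue lists for the jwt authenticator.
// Assumed shape for this example, not oathkeeper's actual types.
type JWTConfig struct {
	JWKSURLs          []string `json:"jwks_urls,omitempty"`
	ScopeStrategy     string   `json:"scope_strategy,omitempty"`
	RequiredScope     []string `json:"required_scope,omitempty"`
	TargetAudience    []string `json:"target_audience,omitempty"`
	TrustedIssuers    []string `json:"trusted_issuers,omitempty"`
	AllowedAlgorithms []string `json:"allowed_algorithms,omitempty"`
}

// accessRule is the minimal subset of a rule needed to reach the
// jwt authenticator's "config" block.
type accessRule struct {
	ID             string `json:"id"`
	Authenticators []struct {
		Handler string          `json:"handler"`
		Config  json.RawMessage `json:"config"`
	} `json:"authenticators"`
}

// ParseRuleJWTConfig extracts the per-rule config of the "jwt" authenticator.
// A rule without a jwt authenticator is reported as an error.
func ParseRuleJWTConfig(ruleJSON []byte) (JWTConfig, error) {
	var rule accessRule
	if err := json.Unmarshal(ruleJSON, &rule); err != nil {
		return JWTConfig{}, fmt.Errorf("rule: %w", err)
	}
	for _, a := range rule.Authenticators {
		if a.Handler != "jwt" {
			continue
		}
		var cfg JWTConfig
		if len(a.Config) > 0 {
			if err := json.Unmarshal(a.Config, &cfg); err != nil {
				return JWTConfig{}, fmt.Errorf("rule %q jwt config: %w", rule.ID, err)
			}
		}
		return cfg, nil
	}
	return JWTConfig{}, fmt.Errorf("rule %q has no jwt authenticator", rule.ID)
}

// ResolveJWTConfig applies the fallback: a field set on the rule wins, a field
// left empty is taken from the global config. The merged result is validated
// so the authenticator never runs without a key source or a permitted algorithm.
func ResolveJWTConfig(global, rule JWTConfig) (JWTConfig, error) {
	out := JWTConfig{
		JWKSURLs:          pickList(rule.JWKSURLs, global.JWKSURLs),
		ScopeStrategy:     pickString(rule.ScopeStrategy, global.ScopeStrategy),
		RequiredScope:     pickList(rule.RequiredScope, global.RequiredScope),
		TargetAudience:    pickList(rule.TargetAudience, global.TargetAudience),
		TrustedIssuers:    pickList(rule.TrustedIssuers, global.TrustedIssuers),
		AllowedAlgorithms: pickList(rule.AllowedAlgorithms, global.AllowedAlgorithms),
	}
	if len(out.JWKSURLs) == 0 {
		return JWTConfig{}, errors.New("jwt: no jwks_urls in rule or global config")
	}
	if len(out.AllowedAlgorithms) == 0 {
		return JWTConfig{}, errors.New("jwt: no allowed_algorithms in rule or global config")
	}
	for _, alg := range out.AllowedAlgorithms {
		if alg == "none" {
			return JWTConfig{}, errors.New(`jwt: algorithm "none" is not permitted`)
		}
	}
	return out, nil
}

func pickList(rule, global []string) []string {
	if len(rule) > 0 {
		return rule
	}
	return global
}

func pickString(rule, global string) string {
	if rule != "" {
		return rule
	}
	return global
}

// sampleRule is a constructed rule modelled on the issue's example: it brings
// its own jwks_urls and scopes but leaves algorithms and issuers to the global config.
const sampleRule = `{
  "id": "some-id",
  "authenticators": [{
    "handler": "jwt",
    "config": {
      "jwks_urls": ["https://my-website.com/.well-known/jwks.json"],
      "required_scope": ["scope-a", "scope-b"]
    }
  }]
}`

func main() {
	global := JWTConfig{
		JWKSURLs:          []string{"https://global.example/.well-known/jwks.json"},
		AllowedAlgorithms: []string{"RS256"},
		TrustedIssuers:    []string{"https://global-issuer.example/"},
		ScopeStrategy:     "hierarchic",
	}
	ruleCfg, err := ParseRuleJWTConfig([]byte(sampleRule))
	if err != nil {
		panic(err)
	}
	merged, err := ResolveJWTConfig(global, ruleCfg)
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", merged)
}
```

The merge is deliberately per field rather than all-or-nothing: a rule that only overrides `jwks_urls` still inherits the operator's `allowed_algorithms` and `trusted_issuers`, which is what lets one service register several IDPs without touching the global config. The validation step is the part worth keeping whatever the final shape of the feature, since a silently empty key set or algorithm list is the failure mode that turns a configuration gap into an authentication bypass.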

@aeneasr aeneasr self-assigned this Sep 18, 2019
@aeneasr aeneasr added the feat New feature or request. label Sep 18, 2019
@aeneasr aeneasr added this to the v0.19.0 milestone Sep 18, 2019
aeneasr (Member) commented Nov 7, 2019

I forgot to close this issue - this has long been resolved.

@aeneasr aeneasr closed this as completed Nov 7, 2019