Customize OauthClientConfigurationProperties for specific oauth providers

[daltonconley]

Is there a way to provide a custom OauthClientConfigurationProperties for a specific oauth provider? I'm try to generate the client-secret for Apple ID, which is a JWT signed by an Apple key (generated in the developer portal). My understanding is these tokens can have a max duration of 6 months so I'd like to provide a more dynamic approach to getting the secret within the micronaut service (perhaps generating the secret on a per request basis, or at startup), rather than building some secret generator/rotation mechanism outside of the service.

Another factor is that apple relies on "services ids" (which are children of app ids) to support multiple applications using apple sign in. From what I understand, this essentially means you have multiple client ids for the oauth configuration but the client secrets can share the same signing key. In my situation, I have a mobile application and a single-page web app. In the current implementation (not micronaut), I'm passing the client id from the respective app to my backend API to determine how I generate the client secret.

Config

micronaut:
  security:
    oauth2:
      clients:
        apple:
          client-id: # from request?
          client-secret: # generated? 
          openid:
              issuer: https://appleid.apple.com

Some code to generate client secret

JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.ES256).keyID(appleAuthenticationConfig.getKeyId()).build();

JWTClaimsSet claims = new JWTClaimsSet.Builder()
        .audience("https://appleid.apple.com")
        .subject(clientIdFromRequest)
        .issuer(appleAuthenticationConfig.getTeamId())
        .expirationTime(Date.from(Instant.now().plusSeconds(120)))
        .issueTime(Date.from(Instant.now()))
        .build();

SignedJWT signedJWT = new SignedJWT(header, claims);
signedJWT.sign(new ECDSASigner((ECPrivateKey) loadPrivateKey()));

Appreciate any advice.

See also https://developer.apple.com/documentation/sign_in_with_apple/generate_and_validate_tokens#3262048