I have found this great article that describes how to run API authentication with Istio Ingress Gateway and OAuth2-proxy: https://medium.com/@senthilrch/api-authentication-using-istio-ingress-gateway-oauth2-proxy-and-keycloak-a980c996c259
What I am missing is the ability to create an internal token based on the incoming one for internal authorization (mapping external roles to internal ones for RBAC support).
I would be glad of any suggestions!
Thank you!