OIDC Authentication for UIs Running in Consul Service Mesh

We have a number of services serving UIs in a Consul Service Mesh, using Consul API Gateway as our ingress controller. These UIs are required to be protected by OIDC Auth by company policy.
Is there a recommendation for Auth methods for UIs in the mesh?
We have seen two possible ways of doing it, through Envoy or using an API Gateway like Spring Cloud Gateway, but is there a recommended approach?
Thanks in advance for your help.

Did you figure this out? I am very interested in this topic as well. I am currently using nginx ingress controller with oauth proxy thingy with identity server. @jeff

We are running PoCs with Envoy / Keycloak and Nginx / ForgeRock. I’ll update when we find a solution.

Hi, we are also looking at Ambassador

I think also the existing Envoy should be able to handle it with custom config. The issue now is that it doesn't seem like you can add custom Envoy config per service.

I enabled ext_authz now in the default pipeline, but it also affects the connection to the database, it seems.