Istio in Kubernetes: Oauth2 External Auth

Hi all,

I’m to replace a Nginx Ingress Controller with Istio Gateway and am looking for the appropriate means to integrate an external OAuth2 Proxy. The Nginx Ingress controller handles this with annotations on the Ingres resource and is documented here:
https://kubernetes.github.io/ingress-nginx/examples/auth/oauth-external-auth/

I am looking to do something similar with the Istio Gateway. The closest article that I can find related to this is using a EnvoyFilter Lua script as shown here:

This looks like a good resource, but was wondering if there was more information about this. I’m also wondering if there is an easier way to achieve this (as the syntax is pretty simple in the case of the Nginx Ingress controller - I’m wondering if someone has done this before with the Istio Gateway).

What is the best way to go about integrating Istio in Kubernetes with an external Oauth2 service?

Thank you for reading, and any feedback is much appreciated.