dexidp / dex

OpenID Connect (OIDC) identity and OAuth 2.0 provider with pluggable connectors
https://dexidp.io
Apache License 2.0

google connector: support group claim on JWT #3448

Open zufardhiyaulhaq opened 6 months ago

zufardhiyaulhaq commented 6 months ago

Preflight Checklist

Problem Description

Since dex can gather all Google groups that belong to a user, we can extend the functionality to also support group claims on the JWT, even though Google doesn't support this.

Currently, dex is only able to whitelist before sending the JWT to the user.

By adding a Google group list to the JWT, we can further filter from the application side or from a proxy that supports JWT verification.

Proposed Solution

From the codebase, we can enforce this, but I need help to make it configurable. This is a workaround that I did when forking dex: https://github.com/dexidp/dex/pull/3449

Alternatives Considered

N/A

Additional Information

N/A

zufardhiyaulhaq commented 5 months ago

Hi @nabokihms, I am not sure which one I should tag,

I believe this is a good feature, since we can implement RBAC based on Google groups when extracting the JWT from the client on a 3rd-party gateway,
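
The gateway-side filtering this request describes, as an added example that is not part of the issue thread or of dex's code: the group list is used for an access decision only after the token's signature, audience and expiry have been verified. Assumptions: the claim is named `groups`, the token is RS256 with a single-string `aud`, the verification key is already at hand (JWKS retrieval and the `iss` check are left out), and `authorize`, `sample`, the `gateway` audience and the group addresses are hypothetical names with constructed values.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"slices"
	"strings"
)

var b64 = base64.RawURLEncoding
// authorize reads the groups claim only after signature, aud and exp checks pass.
func authorize(tok string, pub *rsa.PublicKey, aud, need string, now int64) bool {
	p := strings.Split(tok, ".")
	if len(p) != 3 {
		return false
	}
	sum := sha256.Sum256([]byte(p[0] + "." + p[1]))
	sig, _ := b64.DecodeString(p[2])
	if rsa.VerifyPKCS1v15(pub, crypto.SHA256, sum[:], sig) != nil {
		return false // algorithm is pinned to RS256; the header's alg is never consulted
	}
	var c struct {
		Aud    string   `json:"aud"` // assumption: single-audience token
		Exp    int64    `json:"exp"`
		Groups []string `json:"groups"`
	}
	body, _ := b64.DecodeString(p[1])
	if json.Unmarshal(body, &c) != nil || c.Aud != aud || now >= c.Exp {
		return false
	}
	return slices.Contains(c.Groups, need)
}

func sample(payload string) (string, *rsa.PublicKey) {
	k, _ := rsa.GenerateKey(rand.Reader, 2048) // throwaway key: constructed stand-in for the issuer's
	in := b64.EncodeToString([]byte(`{"alg":"RS256"}`)) + "." + b64.EncodeToString([]byte(payload))
	sum := sha256.Sum256([]byte(in))
	sig, _ := rsa.SignPKCS1v15(rand.Reader, k, crypto.SHA256, sum[:])
	return in + "." + b64.EncodeToString(sig), &k.PublicKey
}

func main() {
	t, pub := sample(`{"aud":"gateway","exp":2000,"groups":["admins@example.com"]}`)
	fmt.Println(authorize(t, pub, "gateway", "admins@example.com", 1000), authorize(t, pub, "gateway", "finance@example.com", 1000))
}
```

A token whose payload is edited to add a group fails the signature check before the claim is ever parsed, which is what makes the claim usable for RBAC at a proxy.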