Is your feature request related to a problem? Please describe.
I'm always frustrated when using the Google OAuth2 client as OIDC because groups are not included in the JWT.
Describe the solution you'd like
The exact same as you use in HashiCorp Vault. Basically, use a Google Service Account to access the Admin Console API (G Suite, Google Workspace) and retrieve the groups for a user to bind them to Boundary roles internally.
Describe alternatives you've considered
Craft a complete proxy that intercepts the JWTs, injects some custom claims, and then re-signs the token. But I'm not sure if this is completely possible.
Explain any additional use-cases
n/a
Additional context
Most companies out there use groups as a separator in Google Workspace for employees when using Google as cloud provider... Completely agree this is Google's fault, but please, could you support the same that you support on Vault? 🙏🏼