WIP attempt at modification for allowing extraClaims during signin

[wollerman]

Before submitting this PR:

Checklist

• [ ] No breaking changes
• [ ] Tests pass
• [ ] New features have new tests
• [ ] Documentation is updated

Breaking changes

Avoid breaking changes and regressions. If you feel it is unavoidable, make it explicit in your PR comment so we can review it and see how to handle it.

Tests

• please make sure your changes pass the current tests (Use the make test or the make watch command).
• if you are introducing a new feature, please write as much tests as possible.

Documentation

Please make sure the documentation is updated accordingly, in particular:

• Workflows. Workflows are Mermaid sequence diagrams
• Schema. The schema in a Mermaid ER diagram
• Environment variables. Please adjust the .env.example file accordingly
• OpenApi specifications. We are using inline JSDoc annotations

[dbarrosop]

Please, if you want to contribute a feature open an issue first to describe the use-case and security implications (if any). For instance, the code I am seeing here is not secure as anyone could spoof claims.

[wollerman]

Thanks for taking a look so quickly! It was mostly a POC to understand if it could be bubbled up. You suggested Apollo client or cookies in discord, so I'm going to explore that route.

Thanks again!