oauth2-proxy / oauth2-proxy

A reverse proxy that provides authentication with Google, Azure, OpenID Connect and many more identity providers.
https://oauth2-proxy.github.io/oauth2-proxy
MIT License
9.53k stars, 1.56k forks

[Feature]: Let the userinfo endpoint return more than just a subset of claims from the id token #2765

Open dadrus opened 3 weeks ago

dadrus commented 3 weeks ago

Motivation

I'm the maintainer of https://github.com/dadrus/heimdall, an identity-aware proxy, which is able to orchestrate different authentication and authorization solutions and act on its own or be integrated in any proxy (nginx, traefik, envoy, and many more). While heimdall supports OAuth2 and OIDC, it doesn't drive any of the authorization flows (intentionally). Support of OIDC for first-party contexts can easily be added by integrating heimdall with oauth2-proxy, similar to the integration with traefik or nginx, by making use of the userinfo endpoint and starting the flow by redirecting to the login endpoint on errors. There is, however, a limitation in the implementation of the userinfo endpoint: it returns just a limited set of data from the claims available in the ID token. It would be awesome if there were a possibility to have more information extracted (preferably configurable). I would also like to get access to the TTL of the session created by oauth2-proxy to reduce the amount of calls to the above-mentioned endpoint.

If you are afraid that there might be too much information exposed, heimdall can shield the access to oauth2-proxy on its own.

It might even be an ideal partner for oauth2-proxy to allow easy configuration of public and private endpoints of the upstream services, as requested in some other FRs.

Looking forward to your thoughts on that.

Possible solution

No response

Provider

None
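How the integration described above could consume the userinfo endpoint today, as an added example in Go that is not heimdall's or oauth2-proxy's own code: it forwards the session cookie to `/oauth2/userinfo`, decodes the claims subset currently returned (`user`, `email`, `groups`, `preferredUsername`), and builds the `/oauth2/start?rd=...` redirect when there is no session. The `proxyBase` URL and the cookie value are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/url"
)

// UserInfo mirrors the claims subset oauth2-proxy's /oauth2/userinfo returns today.
type UserInfo struct {
	User              string   `json:"user"`
	Email             string   `json:"email"`
	Groups            []string `json:"groups"`
	PreferredUsername string   `json:"preferredUsername"`
}

// ErrUnauthenticated means oauth2-proxy holds no valid session for the cookie.
var ErrUnauthenticated = fmt.Errorf("no valid oauth2-proxy session")

// LookupUserInfo forwards the client's Cookie header to oauth2-proxy's userinfo
// endpoint (proxyBase is an assumed deployment URL) and decodes the response.
func LookupUserInfo(client *http.Client, proxyBase, cookie string) (*UserInfo, error) {
	req, err := http.NewRequest(http.MethodGet, proxyBase+"/oauth2/userinfo", nil)
	if err != nil {
		return nil, err
	}
	req.Header.Set("Cookie", cookie) // the session cookie set by oauth2-proxy
	resp, err := client.Do(req)
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	if resp.StatusCode == http.StatusUnauthorized || resp.StatusCode == http.StatusForbidden {
		return nil, ErrUnauthenticated // no session: caller should start the login flow
	}
	if resp.StatusCode != http.StatusOK {
		return nil, fmt.Errorf("userinfo returned HTTP %d", resp.StatusCode)
	}
	ui := &UserInfo{}
	return ui, json.NewDecoder(resp.Body).Decode(ui)
}

// LoginRedirect builds the /oauth2/start URL that runs the OIDC flow and then
// returns the browser to the original request URL via the "rd" parameter.
func LoginRedirect(proxyBase, original string) string {
	return proxyBase + "/oauth2/start?rd=" + url.QueryEscape(original)
}

func main() { fmt.Println(LoginRedirect("http://127.0.0.1:4180", "http://app.local/admin")) }
```

oauth2-proxy only follows an `rd` target that passes its redirect validation (for example the configured whitelist domains), so the original URL must be one the proxy deployment allows.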

dadrus commented 2 weeks ago

I've just published a new guide that my request from above relates to: https://dadrus.github.io/heimdall/dev/guides/authn/oidc_first_party_auth/

dadrus commented 1 week ago

@JoelSpeed, @NickMeves, @braunsonm, @tuunit, @kvanzuijlen: Please excuse me for the noise. Is there any chance to discuss this FR with some of you guys? I can contribute a PR for that, but would like to hear your thoughts on that first. Thank you very much in advance.