opentdf / platform

Persistent data centric security that extends owner control wherever data travels
BSD 3-Clause Clear License

Enable Authorization based on OIDC claims alone without the need for Entity Resolution Service #785

Open jrschumacher opened 5 months ago

jrschumacher commented 5 months ago

The addition of Entity Resolution Service offers the ability to fetch custom data from an IdP or some other source when making an Authorization request. The challenge with this is that it increases the necessary requirements to get OpenTDF up and running.

Currently, ERS only supports Keycloak and any additional needs will need to be developed and deployed apart from the platform. OpenTDF has no plans to add or maintain support for other IdP or data sources.

This enhancement focuses on reducing the complexity of starting the OpenTDF service by supporting any IdP (that meets our requirements) without any custom code, as well as reducing any custom integration with Keycloak, which requires an API key to fetch additional data.

Acceptance Criteria

strantalis commented 5 months ago

Had this written this morning but never hit create.

https://github.com/opentdf/platform/issues/793

pflynn-virtru commented 4 months ago

The TDF specification addresses this with tdf_claims. See https://github.com/opentdf/spec/blob/2a95f6f434ae241df1d2371b33c2b3c564e5ee67/protocol/README.md?plain=1#L15

Would this functionality address this issue? (Note this is v1 behavior and will need to be ported to v2)