In a bit of a weird case I need to mutate the userinfo response based on arbitrary information in the frontend SPA.

I use a `groups` claim and a `mycustom` claim. My authenticates with Okta via OIDC. Then it uses the access token with one of many backends. Each backend will then call the userinfo endpoint and needs to receive mutated claims.

- `groups` will be filtered by having a respective backend<prefix>. and then have this prefix stripped. I.e. with the following groups assigned to a user `["foo.groupA", "foo.groupB", "bar.groupA", "bar.groupC"]` I'd like userinfo to respond to a request from backend "foo" with only `["groupA", "groupB"]`
- and for the `mycustom` claim I need a behaviour where, for a user having `["foo", "bar"]`, a request from backend "foo" yields `["foo"]` in the claim and a request from the "baz" backend yields `[]`

Any ideas if, and if so, how this can be achieved?
I could send some custom headers or query params to userinfo endpoint from my oidc integration, but I have no idea if/how those could be used to mutate the response from userinfo.
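The per-backend transformation described in this post, written out as an added example (not part of the original post and not an Okta feature). It assumes the filter runs on the userinfo JSON after a backend has fetched it, that `.` is the prefix separator as in the sample groups, and that the backend name comes from the backend's own configuration; the function and constant names are hypothetical.

```python
# Added example: per-backend view of userinfo claims.
# Assumption: `backend` is taken from the service's own configuration,
# not from a header or query parameter supplied by the caller.

SEP = "."  # assumed separator, taken from the "foo.groupA" sample in the post

# Constructed sample claims, mirroring the values in the post.
SAMPLE_CLAIMS = {
    "sub": "constructed-user-id",
    "groups": ["foo.groupA", "foo.groupB", "bar.groupA", "bar.groupC"],
    "mycustom": ["foo", "bar"],
}


def claims_for_backend(claims, backend):
    """Return a copy of `claims` reduced to what `backend` should see."""
    if not backend or SEP in backend:
        # An empty or dotted name would make the prefix match ambiguous.
        raise ValueError("invalid backend name")
    prefix = backend + SEP

    groups = claims.get("groups") or []
    mycustom = claims.get("mycustom") or []

    view = dict(claims)  # shallow copy; the input is left untouched
    # Keep only "<backend>.<group>" entries and strip the prefix.
    # Matching on the full prefix keeps "fo" from matching "foo.groupA".
    view["groups"] = [
        g[len(prefix):]
        for g in groups
        if isinstance(g, str) and g.startswith(prefix) and len(g) > len(prefix)
    ]
    # mycustom keeps only the entry equal to the backend's own name.
    view["mycustom"] = [v for v in mycustom if v == backend]
    return view


if __name__ == "__main__":
    for name in ("foo", "bar", "baz"):
        v = claims_for_backend(SAMPLE_CLAIMS, name)
        print(name, v["groups"], v["mycustom"])
```
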