Preflight Checklist
Problem Description
I am trying to use GitLab as an OIDC provider and retrieve the project_ids (with prefix and role) as groups. The existing GitLab token only contains project paths as groups. I need some way to call the GitLab API as the user and return a new groups claim which contains the additional information I need.
Proposed Solution
Add in a plugin or scripting system which would allow me to take the existing user_info and access_token and call the GitLab API to retrieve all the additional information I need, and return a new user_info back to the user.
Alternatives Considered
I have actually scripted this setup on a go application, which does precisely this, however for security I'd rather trust an established federation service like Dex, if it can support transforming and augmenting the user_info as I need.
Additional Information
I believe this might be related to, or covered off by #1635
Preflight Checklist
Problem Description
I am trying to use GitLab as an OIDC provider and retrieve the project_ids (with prefix and role) as groups. The existing GitLab token only contains project paths as groups. I need some way to call the GitLab API as the user and return a new groups claim which contains the additional information I need.
Proposed Solution
Add in a plugin or scripting system which would allow me to take the existing user_info and access_token and call the GitLab API to retrieve all the additional information I need, and return a new user_info back to the user.
Alternatives Considered
I have actually scripted this setup on a go application, which does precisely this, however for security I'd rather trust an established federation service like Dex, if it can support transforming and augmenting the user_info as I need.
Additional Information
I believe this might be related to, or covered off by #1635