Support OIDC Group claims
Problem to solve
OIDC Authentication for AdminUI does not seem to support Group claims. It would be nice to be able to base AuthZ rules on group belonging instead of individual users. Similar to the Kube API --oidc-groups-claim flag: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#using-flags
Further details
It would simplify role management on group level rather than individual user rules.
Proposal
Add support as opt-in to pass group membership as part of the OIDC integration. https://developer.okta.com/docs/guides/customize-tokens-groups-claim/main/
Testing
Nothing, as far as I can see, as it would be opt-in.
Acceptance Criteria
A user can configure a configuration to pass OIDC Group membership for users, similar to --oidc-groups-claim for Kube API
Links / references
https://developer.okta.com/docs/guides/customize-tokens-groups-claim/main/
https://kubernetes.io/docs/reference/access-authn-authz/authentication/#using-flags
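
An added sketch of the opt-in behaviour requested above; it is not code from the project or from the issue author. The setting names (`groups_claim`, `groups_prefix`, `role_bindings`) and the sample claims are assumptions, and the claims are assumed to come from an ID token the OIDC client library has already validated.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class OIDCGroupConfig:
    # Hypothetical settings, named after the Kube API flag cited in the issue.
    groups_claim: Optional[str] = None      # None = feature off (opt-in)
    groups_prefix: str = ""                 # namespaces IdP groups, e.g. "oidc:"
    role_bindings: dict = field(default_factory=dict)  # group -> list of roles

def groups_from_claims(claims: dict, cfg: OIDCGroupConfig) -> list:
    """Extract groups from ID token claims whose signature, issuer, audience
    and expiry were already validated by the OIDC client library."""
    if not cfg.groups_claim:
        return []                           # opt-in not enabled: ignore the claim
    raw = claims.get(cfg.groups_claim)
    if isinstance(raw, str):
        raw = [raw]                         # tolerate a single-valued claim
    if not isinstance(raw, list):
        return []                           # missing or malformed: no groups
    return [cfg.groups_prefix + g for g in raw if isinstance(g, str) and g]

def roles_for(claims: dict, cfg: OIDCGroupConfig) -> set:
    """Union of roles bound to the user's groups; unknown groups grant nothing."""
    roles = set()
    for group in groups_from_claims(claims, cfg):
        roles.update(cfg.role_bindings.get(group, ()))
    return roles

# Constructed sample claims (not from a real identity provider).
SAMPLE_CLAIMS = {"sub": "00u-example", "email": "alice@example.com",
                 "groups": ["platform-admins", "everyone", 42]}
SAMPLE_CONFIG = OIDCGroupConfig(
    groups_claim="groups", groups_prefix="oidc:",
    role_bindings={"oidc:platform-admins": ["admin"], "oidc:everyone": ["viewer"]})

if __name__ == "__main__":
    print(sorted(roles_for(SAMPLE_CLAIMS, SAMPLE_CONFIG)))
```

With the default configuration the claim is ignored entirely, so existing per-user rules keep working unchanged until an operator sets the claim name.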