in some OIDC provider such as Azure Active Directory it's possible to configure the client application to emit groups claim (or roles claim). For instance, this and that.
With these claims, we can implement access control so that only ones in the selected group can access the sensitive resources protected by Ambassador API gateway.
Since I have already implemented this feature in my fork, I'm happy to send a PR if you think it's useful.
in some OIDC provider such as Azure Active Directory it's possible to configure the client application to emit groups claim (or roles claim). For instance, this and that.
With these claims, we can implement access control so that only ones in the selected group can access the sensitive resources protected by Ambassador API gateway.
Since I have already implemented this feature in my fork, I'm happy to send a PR if you think it's useful.