boundary
Support Google Workspace groups retrieval when using Google as OIDC
Is your feature request related to a problem? Please describe.
I'm always frustrated when using the Google OAuth2 client as OIDC because groups are not included in the JWT.
Describe the solution you'd like
The exact same as you use in HashiCorp Vault. Basically, use a Google Service Account to access the Admin Console API (G Suite, Google Workspace) and retrieve the groups for a user to bind them to Boundary roles internally.
Describe alternatives you've considered
Craft a complete proxy that intercepts the JWTs, injects some custom claims, and then re-signs the token. But I'm not sure if this is completely possible.
Explain any additional use-cases
n/a
Additional context
Most companies out there use groups as a separator in Google Workspace for employees when using Google as cloud provider... Completely agree this is Google's fault, but please, could you support the same that you support on Vault? 🙏🏼
For those looking for this feature, we have created a little syncer for this:
https://github.com/freepik-company/bgos
I second this. We eventually resorted to using Dex to get the groups.