
Ability for client to select which attribute to pass to the JWT

Open DonaldChung-HK opened this issue 8 months ago • 0 comments

Hi INDIGO IAM Developers,

I would like to request a feature that does the following:

  • an attribute for the OpenID client that is a regex string to allow the client owner to fine-tune which groups to encode to the JWT issued
  • a field in the dashboard for the user to input this string
    • (optional) in addition to that, the ability to type a pure string so that groups will be passed to the JWT issued if the string matches the groups; this is to increase the accessibility of this feature for users who don't know regex
  • Token will be issued so that it only contains the groups/attributes matched

Rationale for this feature:

  • Users may have too many groups for their account, which the downstream services don't require
  • Users may wish to keep certain attributes/affiliations from the downstream service and so would benefit from knowing that the client only gets certain attributes
  • This prevents the token from getting too big, avoiding #873
  • Increases performance as tokens are smaller, so that the workflow should complete faster (especially database writes)

Thanks

DonaldChung-HK, Apr 30 '25 14:04
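A sketch of the per-client group filter requested above, as an added example that is not INDIGO IAM code or part of the original issue. The function names, the `groups` claim name, the sample group names, the length limit, the exact-match reading of the plain-string mode and the "no filter means unchanged behaviour" default are all assumptions.

```python
import re

MAX_PATTERN_LEN = 256  # assumed limit; it does not by itself stop catastrophic backtracking


def compile_group_filter(pattern, literal=False):
    """Build a predicate over group names from a client's filter string.

    Raises ValueError on a bad pattern so it is rejected when the client
    is saved, not when a token is issued.
    """
    if pattern is None:
        return lambda group: True  # assumption: no filter keeps today's behaviour
    if len(pattern) > MAX_PATTERN_LEN:
        raise ValueError("group filter too long")
    # Plain-string mode: escape the input so it can only match itself.
    source = re.escape(pattern) if literal else pattern
    try:
        compiled = re.compile(source)
    except re.error as exc:
        raise ValueError(f"invalid group filter: {exc}") from exc
    # fullmatch: the pattern must cover the whole group name, so "cms" does
    # not also release "cms-admins" or "atlas/cms" to the client.
    return lambda group: compiled.fullmatch(group) is not None


def filter_claims(claims, allow, claim="groups"):
    """Return a copy of the claims with only the allowed groups left in."""
    out = dict(claims)
    if claim in out:
        out[claim] = [g for g in out[claim] if allow(g)]
    return out


# Constructed sample claims; the group names are hypothetical.
SAMPLE = {
    "sub": "user-1",
    "groups": ["cms", "cms/production", "cms-admins", "atlas", "atlas/cms"],
}

if __name__ == "__main__":
    by_regex = compile_group_filter(r"cms(/.*)?")
    by_literal = compile_group_filter("cms", literal=True)
    print(filter_claims(SAMPLE, by_regex)["groups"])
    print(filter_claims(SAMPLE, by_literal)["groups"])
```

Matching the whole group name rather than searching inside it is the part that matters for the privacy rationale: an unanchored search for `cms` would also release `cms-admins` and `atlas/cms`.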