vault-plugin-secrets-artifactory

Using identity metadata in token roles

Open davidcorrigan714 opened this issue 1 year ago • 7 comments

We're looking to get this set up in the next few weeks, though I've played with it in the past. I'm trying to figure out how I might allow users to authenticate to Vault and then get an API token through Vault for their specific account in Artifactory. For example, some templated policy like:

path "artifactory/users/{{identity.entity.id}}" {
  capabilities = [ "read" ]
}

That would allow users to use their authenticated identity in Vault to get an API token for JFrog for their account. Is this doable somehow? The way the roles path is structured now, it looks like I could only map devs to some shared role and not their exact identity in Artifactory.

davidcorrigan714 • Jan 23 '23 22:01