I think Keycloak Gatekeeper had a concept similar to this. This likely cleans up the special claims in a session that more and more users have been requesting lately (user-id-claim, the recent groups claim PR, etc). I would love the ability to add arbitrary fields from the JWT token as...
apiVersion: gateway.envoyproxy.io/v1alpha1
kind: SecurityPolicy
metadata:
  name: jwt-bin
  namespace: my-system
spec:
  targetRef:
    group: gateway.networking.k8s.io
    kind: HTTPRoute
    name: bin-route
    namespace: my-system
  jwt:
    providers:
    - name: keycloak
      remoteJWKS:
        uri: xxxxx
      claimToHeaders:
      - claim: resource_access.account.roles
        header: x...