Feature request: Pull information about groups of user

[ad-m-ss]

Hi,

In the case of authentication using Google, it would be valuable to download additional context about users in the form of groups they are a member. Such information could be stored in the session to provide additional context to the rules. This would allow for control of access to the application based on membership to groups. This would allow forcing access control that, for example, only the "Sales" group had access to Sales Tools.

Considering that OAuth credentials are currently available when Google authentication is used, we could use domain-wide delegation and authorize applications for access to the group on your own behalf, i.e. to perform the groups.list operation in Google Admin with the parameter userKey.

Considering the latency, this operation of collecting group membership must be performed during the creation of the session or use the cache & performed for each request. In the latter case, it can introduce random delay and is less predictable, so it does not prefer it.

Let me know what you think. I don't have a lot of experience with Go, but I think I could try to implement it if I could find someone kind to a beginner in the review.

[ad-m-ss]

I just have notice that oauth2-proxy support that feature: https://oauth2-proxy.github.io/oauth2-proxy/docs/configuration/oauth_provider#restrict-auth-to-specific-google-groups-on-your-domain-optional