Any of a dozen domains/products under the umbrella of my corporation can send a request to connect/token and get back a bearer token (if successful).
Any of those domains can then hit any of a slew of micro-services, pass the bearer token, the micro-service asks idsrv3 to validate, and gets back claims.
The micro-service can then use those claims to authorize and/or pull specific data based on the identity of the resource owner.
However, some of these micro-services need to identify the resource owner based on their xyzID. idsrv literally has no way of knowing xyzID, as it is actually pulled from an identity database that only 4 of my products and 10 of my micro-services know about.
Therefore, when any of those 4 products finishes step 1 (authenticating with idsrv), I'd like for them to inject extra claims back into idsrv so the micro-services can receive those claims based on the bearer token.
Any documentation on this?
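An added example (not code from the original post or from the IdentityServer project) of the usual IdentityServer3 way to get a claim like xyzID into the bearer token's claims: idsrv itself resolves the value from the identity database through a custom user service, and the claim is attached to a scope so only clients allowed to request that scope ever receive it. The `IXyzIdentityRepository` interface, the `xyz_id` claim type and the `xyz_api` scope name are assumptions for illustration; the `UserServiceBase`, `ProfileDataRequestContext`, `Registration<T>` and `UseInMemoryScopes` members are the IdentityServer3 API as I recall it and should be checked against the version in use.

```csharp
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using IdentityServer3.Core;                 // Constants.ClaimTypes
using IdentityServer3.Core.Configuration;   // IdentityServerServiceFactory, Registration<T>
using IdentityServer3.Core.Extensions;      // ClaimsPrincipal.GetSubjectId()
using IdentityServer3.Core.Models;
using IdentityServer3.Core.Services;
using IdentityServer3.Core.Services.Default;

// Assumed interface over the identity database the post mentions;
// not part of IdentityServer3.
public interface IXyzIdentityRepository
{
    // Returns the xyzID for an idsrv subject id, or null when that store does not know the user.
    Task<string> FindXyzIdBySubjectAsync(string subjectId);
}

// idsrv calls GetProfileDataAsync whenever it needs the resource owner's claims:
// when issuing a token and when a micro-service calls the access token validation endpoint.
public class XyzUserService : UserServiceBase
{
    public const string XyzIdClaimType = "xyz_id"; // assumed claim type name
    private readonly IXyzIdentityRepository _repo;

    public XyzUserService(IXyzIdentityRepository repo)
    {
        _repo = repo;
    }

    public override async Task GetProfileDataAsync(ProfileDataRequestContext context)
    {
        var subjectId = context.Subject.GetSubjectId();
        var claims = new List<Claim>
        {
            new Claim(Constants.ClaimTypes.Subject, subjectId)
        };

        // Emit xyz_id only when the requested scopes ask for it. The value comes from
        // idsrv's own lookup, never from anything the client put in the token request,
        // so the micro-services can treat it as trustworthy.
        if (context.AllClaimsRequested || context.RequestedClaimTypes.Contains(XyzIdClaimType))
        {
            var xyzId = await _repo.FindXyzIdBySubjectAsync(subjectId);
            if (!string.IsNullOrEmpty(xyzId))
            {
                claims.Add(new Claim(XyzIdClaimType, xyzId));
            }
        }

        context.IssuedClaims = claims;
    }
}

// The claim is bound to a resource scope; only clients whose AllowedScopes include it
// get xyz_id in their access token.
public static class XyzScopes
{
    public static IEnumerable<Scope> Get()
    {
        return new[]
        {
            new Scope
            {
                Name = "xyz_api",   // assumed scope name
                Type = ScopeType.Resource,
                Claims = new List<ScopeClaim> { new ScopeClaim(XyzUserService.XyzIdClaimType) }
            }
        };
    }
}

// Startup wiring: register the user service and scopes on the service factory.
public static class XyzIdentityServerFactory
{
    public static IdentityServerServiceFactory Configure(
        IdentityServerServiceFactory factory, IXyzIdentityRepository repo)
    {
        factory.UserService = new Registration<IUserService>(resolver => new XyzUserService(repo));
        factory.UseInMemoryScopes(XyzScopes.Get());
        return factory;
    }
}
```

With this in place the four products that know about xyzID do not push anything back into idsrv after step 1; they simply request the `xyz_api` scope, and every micro-service that validates the bearer token gets `xyz_id` among the returned claims. The other clients, which are not allowed that scope, never see it.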