Basic policy question

Well, the main issue is we can’t figure out how to overcome some limitations in Snowflake and the Auth0 SDK that we are using in our web app.

Snowflake only accepts a single value in the scope claim. Auth0’s SDK only accepts a hard-coded value for audience and scope. If you leave scope blank when making the request to Auth0, you end up with a JWT that has all the scopes defined for that specific audience. This means I need to create multiple versions of my web app, each with a different hard-coded value, so that each web app instance is specific to one customer.

And Snowflake would need multiple OAuth integrations to be done - one for each customer - to Auth0, which is also really silly.

I am just wondering if there is a way to get Tyk to be the one to issue JWT tokens and do the manipulations at Tyk. This way we can integrate Snowflake to Tyk as the OAuth provider. And when the web portal passes the Auth0 token to Tyk, Tyk knows, based on the API being called, to drop all non-relevant scopes.
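
The down-scoping step asked about above, as an added sketch that is not part of the original post and is not Tyk's or Auth0's API: verify the incoming token, keep only the one scope mapped to the API being called, and re-sign with the gateway's own key. The HS256 shared keys, API paths, scope values and issuer URL are constructed assumptions; a real deployment would verify the incoming token against the identity provider's published keys.

```python
import base64, hashlib, hmac, json, time

def _b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_hs256(claims: dict, key: bytes) -> str:
    head = _b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64e(sig)}"

def verify_hs256(token: str, key: bytes) -> dict:
    """Return the claims only if alg, signature and expiry all check out."""
    head, body, sig = token.split(".")
    if json.loads(_b64d(head)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    good = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(good, _b64d(sig)):
        raise ValueError("bad signature")
    claims = json.loads(_b64d(body))
    if claims.get("exp", 0) <= time.time():
        raise ValueError("expired or missing exp")
    return claims

# Constructed mapping: API path on the gateway -> the single scope to pass on.
API_SCOPE = {
    "/customer-a/query": "session:role:customer_a",
    "/customer-b/query": "session:role:customer_b",
}

def downscope(token: str, api_path: str, idp_key: bytes, gw_key: bytes) -> str:
    claims = verify_hs256(token, idp_key)
    wanted = API_SCOPE.get(api_path)
    if wanted is None or wanted not in claims.get("scope", "").split():
        raise PermissionError(api_path)  # never add a scope the IdP did not grant
    # Editing a claim invalidates the original signature, so the gateway
    # becomes the issuer and signs the narrowed token with its own key.
    out = dict(claims, scope=wanted, iss="https://gateway.example")  # hypothetical issuer
    return sign_hs256(out, gw_key)

if __name__ == "__main__":
    idp, gw = b"idp-demo-key", b"gateway-demo-key"  # constructed keys
    tok = sign_hs256({"sub": "user-1", "exp": int(time.time()) + 300,
                      "scope": "session:role:customer_a session:role:customer_b"}, idp)
    print(verify_hs256(downscope(tok, "/customer-a/query", idp, gw), gw)["scope"])
```

With this shape the downstream service trusts only the gateway's key, so it needs a single integration rather than one per customer.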