How to tie OIDC ID token with Tyk's key?


I am using OIDC for authenticating users.

I want to apply a rate limit policy, access control policy and quota policy to all users from the same “partner” (one partner can have multiple users, in my company’s use case).

I want to set up a Tyk key per partner, and associate several policies with the key (multi-policy, so one policy for rate limit, one for access control, one for quota).

The next step I want to do is to associate the “partner” claim in my OIDC with the Tyk key, so when Tyk receives the OIDC, it knows what policies to apply.

Example, say I have a parter called “BigCompany”, users from BigCompany called “Alice” and “Bob”. I also created a Tyk key with key ID “123456”, and apply a rate limit policy “20rps” to it.

Now when Alice sends a OIDC ID token, I want to identify her as being from BigCompany, then somehow realise the key ID is “123456”, and attach the correct policy “20rps” to it. When Bob sends another OIDC ID token, I will do the same. So in total, Alice and Bob cannot send more than 20 requests per second.

Is there anyway to achieve this? Ideally only with plugins, not Tyk Identity Broker, as it is too complex to set up.

I am using Tyk hybrid version (aka multi-cloud).