The answer is header injection and metadata from the token itself.
When TIB generates your token, it will also insert metadata about the key (go on, look up the data in the created token in the dashboard):

You can use Header Transforms to then inject the metadata from the token into the header of the outbound request, and then retrieve that from the header using the $tyk_meta reserved metadata key.
So in the above case, you add a header called UserID
with the value: $tyk_meta.AuthProviderUserID
and Tyk will put that into the header that gets created:
Here's some output from an API that points at HTTP Bin:

(see the UserID
header there?)
If you want to integrate, you could also do this programatically by requesting the key detail via the API, this will also return the metadata.
TIB Proxy provider supports two injected meta data fields: a UsernameField
and an AccessTokenField
, both of these, if the TIB response is JSON, will be extracted from the proxied IDP and inserted int o the temporary access token from the gateway.