Tip ( doc improvement ) auth0, terraform boundary_managed_group

If in auth0 you want to use custom user metadata, to define extra user attributes.
Doing a filter on them follows the (JSON) Pointer. In auth0 your custom attributes must be in a namespace. In actions you do for instance the following to pass the info:

exports.onExecutePostLogin = async (event, api) => {
const namespace = ‘https://boundary-claim.com’;
const { admin_role, boundary_roles } = event.user.user_metadata;

if (event.authorization) {
// Set claims
api.idToken.setCustomClaim(${namespace}-admin_role, admin_role);
api.idToken.setCustomClaim(${namespace}-boundary_roles, boundary_roles);
}
};

this result in terraform to the following:

resource “boundary_managed_group” “oidc_group_admin” {
name = “Auth0 admin”
description = “OIDC managed group for Auth0 admin”
auth_method_id = boundary_auth_method_oidc.auth0.id
filter = “”/userinfo/https:~1~1boundary-claim.com-admin_role" == “true”"
}