-
Story
-
Resolution: Done
To provide multi-tenancy with cost management, we need to ensure that each cost management metrics operator has an associated org_id and account_number in the JWT token retrieved from Keycloak. Today that is done via claims in the Keycloak client resource. However, the UI interactions with the cluster also need to be able to provide the same org_id and account_name in order to filter the data for each tenant.
The limitation we face is that the information returned from tokenreviewer does not contain those fields, even when the cluster is configured to map the Keycloak attributes to the "extra" structure in OCP.
This spike aims to clarify why this is not possible and what alternatives exist to enable REST API calls from the UI to provide these 2 key fields to the backends, as is already the case for the cost management metrics operator.
- clones: FLPATH-2848 [spike]: Investigate how to migrate the current auth design with envoy sidecars for each component to a single API Gateway (In Progress)