tip:
  fallback_issuer_unknown_token_issuer:
    issuer_url: {{ proxy_introspection_issuer }}
#    introspection_endpoint: https://issuer.example.com/introspect
    client_id: {{ proxy_introspection_client_id }}
    client_secret: {{ proxy_introspection_client_secret }}
# this part is not configured but is supported in the custom introspection provider
#    drop_claims:
#      - todrop1
#      - todrop2
#    claim_renaming:
#      weird_groups: groups
#      bad_username: username
#    claim_mapping:
#      strings:
#        sub:
#          one-sub: other-sub
#      string_arrays:
#        super-entitlements:
#          hpc:
#            - compute
#        weird_groups:
#          all-users:
#            - users
#          special-users:
#            - admins
#            - dev
  fallback_issuer_unsupported_token_issuer:
# Not configured bu the synatx is the same of the 'fallback_issuer_unknown_token_issuer'
  remote_issuers:
    - issuer_url: {{ proxy_introspection_issuer }}
 #     introspection_endpoint: https://issuer.example.com/introspect
      client_id: {{ proxy_introspection_client_id }}
      client_secret: {{ proxy_introspection_client_secret }}
# this part is not configured but is supported in the custom introspection provider
#      drop_claims:
#        - todrop1
#        - todrop2
#      claim_renaming:
#        weird_groups: groups
#        user_id: username
#      claim_mapping:
#        strings:
#          sub:
#            one-sub: other-sub
#        string_arrays:
#          entitlements:
#            hpc:
#              - compute
#          weird_groups:
#            all-users:
#              - users
#            special-users:
#              - admins
#              - dev