We want to be able to map JWT claims into app roles. For example, a custom claim such as "my-app-access": "my-app-access" could be configured as the claim for the admin role, which gets attached to the req.user object. This would allow us to define arbitrary roles and claims to enable these roles directly from the API, without logging in.