We need to propagate request headers received by VIP Authentication Hub to our Custom Authentication Factor using Custom SPI (Service Provider Interface). 

We had look at Dynamic Environment Variable Substitution documentation. Can we use ‘providerHeaders’ property with a dynamic variable substitution when creating our Custom Provider to achieve this objective?

VIP Authentication Hub 3.x

We can configure 'providerProperties' instead when creating the Custom Provider to achieve this requirement.
Please review

     Configuration to Support a Custom Authentication Factor

We can use the following spi.request.header.proxy "key" (providerContext)

For example:

{
   "providerName": "customSpi",
    "version": "1.0",
    "apiKey": "apikeyParam",
    "securityMethod": "apikey",
    "url": "https://##########.#######.###",
    "ignoreSSLValidation":true,

    "providerHeaders": [
        {
            "name": "clientId",
            "value": "####-############"
        }
    ],
    "providerProperties": [
        {
            "name": "spi.request.header.proxy",
            "value": "x-header-1"
        },
         {
            "name": "spi.request.header.proxy",
            "value": "x-header-2"
        },
        {
            "name": "spi.discover.capabilities",
            "value": "customclaim,customauthenticator,custompasswordauthenticator"
        },
        {
            "name": "spi.response.header.proxy",
            "value": "header-by-spi-expect2parts,CustomResponseHeader"
        },
        {
            "name": "spi.response.header.proxy",
            "value": "CustomResponseHeader"
        }
        
    ]
}

Above "spi.request.header.proxy" configuration indicates that the headers x-header-1 and x-header-2 are the API headers that need to be forwarded to Custom Authentication Factor. We can add as many headers as it is required.