
Comment by kodama-lens

8 months ago

It would fix a lot of the provider-specific aspects of OAuth2 if the spec were more strict on some claim (attribute) names in the JWT ID token. Some provide groups, some don't. Some call it roles or direct_groups. Some include preferred_username, some don't. Some include full name, some don't, and don't get me started on name and first_name.

If you implement OIDC, you must certainly provide a configurable mapping system for source claim name to your internal representation of a user object.
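
Editor's added example, not part of the comment above: a minimal sketch of such a configurable claim mapping in Python. The issuer URLs, the `MAPPINGS` table, the `User` type and the function names are hypothetical, and the claims are assumed to come from an ID token whose signature, `iss`, `aud` and `exp` were already validated.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class User:
    issuer: str
    subject: str
    username: str
    full_name: str
    groups: tuple

# Constructed per-issuer configuration (hypothetical providers):
# internal field -> candidate source claim names, tried in order.
MAPPINGS = {
    "https://idp-a.example": {"username": ["preferred_username", "email"],
                              "full_name": ["name"], "groups": ["groups"]},
    "https://idp-b.example": {"username": ["upn", "email"],
                              "full_name": ["display_name"], "groups": ["roles", "direct_groups"]},
}

def first_claim(claims, names):
    """Return the first non-empty claim among the candidate names, else None."""
    for name in names:
        value = claims.get(name)
        if value not in (None, "", []):
            return value
    return None

def map_claims(claims):
    """Map already-validated ID token claims to the internal User object."""
    iss, sub = claims.get("iss"), claims.get("sub")
    # iss + sub is the only stable identity; display claims are optional and mutable.
    if not isinstance(iss, str) or not isinstance(sub, str) or not sub:
        raise ValueError("ID token lacks a usable iss/sub pair")
    mapping = MAPPINGS.get(iss)
    if mapping is None:
        raise ValueError("no claim mapping configured for this issuer")  # fail closed
    username = first_claim(claims, mapping["username"])
    if not isinstance(username, str):
        username = sub  # display fallback only, never an authorization key
    full_name = first_claim(claims, mapping["full_name"])
    if not isinstance(full_name, str):
        parts = (claims.get("given_name"), claims.get("family_name"))
        full_name = " ".join(p for p in parts if isinstance(p, str) and p)
    raw = first_claim(claims, mapping["groups"])
    if isinstance(raw, str):
        raw = [raw]  # some providers send a single group as a bare string
    elif not isinstance(raw, list):
        raw = []     # missing or oddly typed claim means no groups, not an error
    groups = tuple(sorted({g for g in raw if isinstance(g, str) and g}))
    return User(iss, sub, username, full_name, groups)
```

Accounts are keyed on the `(issuer, subject)` pair rather than on the mapped username or e-mail, and a missing groups claim yields an empty tuple so that absent claims never grant access.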