OAuth2 Group Claims
Problem to solve
Allow an OAuth2 provider to specify claim(s) to assign users to groups. Similar to what we're planning with SAML groups.
Customer is using Azure OAuth2 and would like the ability to manage authorizations a bit more. They do not have intentions/capabilities to use SAML, SCIM, or LDAP. They are also planning to use self-managed so SCIM isn't even an option currently. I'm also not sure if our planned SAML implementation will include self-managed on just .com.
Intended users
Further details
I'm not sure what an OAuth2 claim looks like. To be honest, I didn't know it had a concept of claims like SAML. We may need to do some checking around this, or ask the customer to provide us with a sample claim they might use. @vladbudica is aware of the customer and has contact.