Felix

Would you mind checking if setting the aud values via [custom claim](https://kanidm.github.io/kanidm/stable/integrations/oauth2/custom_claims.html). like this: `kanidm system oauth2 update-claim-map openclouddesktop aud OpenCloudDesktop` fixes the problem for you? And if it does,...

So i just checked and my assumption was correct: the client uses the OC_OIDC_ISSUER from the server, which isn't generic enough for different oidc clients

Another update, I have changed the OC_OIDC_ISSUER uri as follows: `OC_OIDC_ISSUER=https://idm.jasedow.dedyn.io/oauth2/openid/openclouddesktop` and now it works...for the native desktop app only, obviously this breaks the web client and the other clients...

based on that knowledge I guess it might be possible to connect [kanidm webfinger](https://kanidm.github.io/kanidm/stable/integrations/oauth2.html#webfinger) and [opencloud webfinger](https://docs.opencloud.eu/docs/dev/server/Services/webfinger/Webfinger-info) in some way, but that is above my head