davidblasby

@taba90 - thanks for the review!

FYI - rebased due to test case failure (not to do with this pr)

@taba90 - ready to merge?

@ianwallen - RE: you get 401s This should work with the "a:Editor" - in the same way as the old keycloak provider (I reused the code there). I haven't done...

@ianwallen - added the OPENIDCONNECT_SERVERMETADATA_CONFIG_URL environment variable (to download the config JSON from idp server on GN startup) and updated doc. I this this just needs a review by @josegar74...

@ianwallen Hi, I don't think that roles should be in the Access Token. In fact, you shouldn't ever parse the access token - it doesn't have to be a JWT....

I updated so the default scopes are "openid email profile" (norma), and "openid email profile offline_access" (for bearer tokens).

@ianwallen @josegar74 - I think this is ready to merge???

> I'm not an expert? I tried to find information on best practices for group token and I only found the following. https://devforum.okta.com/t/best-practices-groups-claim-in-id-token-or-access-token/6532 From that group; > If your application...

@ianwallen - I changed the name of all those beans so they don't have "_" in the name. @josegar74 - I will send you a private message for connecting to...