Nick Meves

Results 28 comments of Nick Meves

I think setting the nonce is only part of the Authentication Request: https://openid.net/specs/openid-connect-core-1_0.html#ImplicitAuthRequest Backend IDPs even after refreshes preserve what we originally sent in the IDToken (so we can continue...

This is a good idea! I think we can potentially expose more data on the userinfo endpoint without needing to add in extra configurations too. Potentially everything we make an...

You can control the level of headers you send to the upstream with the various configuration options. In your scenario, it sounds like you want to disable the `X-Forwarded-*` headers...

@JoelSpeed Tossing you on this one since you are handling the header refactor at the moment.

I think there's a separate issue related to additional claims support and claim to header mapping? I'd need to scrounge it up, it's definitely on our minds. Our goal is...

I think we have all existing session fields exposed in the userinfo endpoint. Adding anything new is blocked until we implement the adhoc claim->session field mapping feature we want. I...

> Any status update on this? Can we add custom claims to the endpoint now? If so; how?

Nope, we still haven't added core support to extract adhoc IDToken claims...

Agreed! 👍 This refactor sets the stage for all providers to implement this: https://github.com/oauth2-proxy/oauth2-proxy/pull/797 None of the maintainers are Azure users, so we'll need someone from the community to contribute...

This and #885 seem to be asking for the same thing with 2 different reasons -- can you consolidate the use case and close one of these issues?

I think in the end, this & #885 will require an implementation of `sign-out` logic for each provider right? We can't just plug this logic into `oauth2-proxy` since the appending...