Bob Aman
I probably won't attempt to fix this, no.
My inclination for having it be in core is that we’d want to share code for e.g. `Gap-Signature` headers and `Authorization` with ID token / bearer token.
It's not orthogonal. The Azure AD provider uses OIDC under the hood, but it additionally introduces groups support that's not part of OIDC.
Hey, sorry about delay on this. Was fully occupied w/ KubeCon stuff for a bit. I expect I should be able to tackle the review comments within the next week...
Alrighty, good news, I finished up the stuff on my plate that was blocking me from getting back to this. Starting in on the requested changes now. Sorry it's been...
I've addressed all the minor issues. There's a small number of outstanding issues remaining that I expect I should be able to address in the next few days.
All changes have been made; this should be ready for re-review @katzdm.
@eyalzek Yeah, that's true, it's currently closer to a functional stub than anything. Part of the problem is that Azure AD doesn't quite follow the OIDC spec to the letter...
I could certainly turn it on if you'd be willing to test it and work with me on making sure it works in practice, not just in the test suite.
My expectation would be that groups are unlikely to work for most OIDC providers that don't have provider-specific implementations though (like this Azure AD PR) since groups have to be...