Hello Bobby,

>>> For this type of a connector to be useful to me, I would still need to be 
>>> able to then enrich the JWTs with additional claims.  oidc.Identity as 
>>> returned by Identity() today does not allow/encourage this.  Is there 
>>> another extension point (real or planned) for connectors that would allow 
>>> me to pass along additional information?
>>>
> I agree with the limitedness of oidc.Identity. A little background here: 
> originally dex was an internal project and it comprised what is now dex, 
> and what is now go-oidc in one project. When we decided to open source it, 
> we split it up into dex, the IdP, and go-oidc, the OIDC library. Some stuff 
> made it into go-oidc which, in retrospect, probably is dex-specific.
>
> Identity I think is one of those things. Off the top of my head: I would 
> do something like the following: remove dex's dependency on the Identity 
> type, and create one within dex. This might be a big change in terms of 
> LOC, but fairly mechanical (I think). Then add something like "other 
> claims" which could just be a Claims object. Then connectors could populate 
> it with whatever they want.
>

Rather than creating a type specific to dex, is there any reason to not 
modify the existing oidc.Identity type to support additional claims?  For 
my specific needs, the changes I'm interested in for the type are not 
really dex specific, but are specific to oidc.
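
An added example, not part of the original thread and not dex or go-oidc code: one way an identity type could carry connector-supplied "other claims" while the IdP keeps control of the claims it must set itself. The names `Identity`, `OtherClaims` and `BuildClaims`, the sample values, and the choice to reject rather than overwrite are assumptions of this sketch; the reserved names are the ID Token claims from OIDC Core.

```go
package main

import (
	"fmt"
	"sort"
)

// Identity is a hypothetical stand-in for the type discussed in the thread;
// it is not the go-oidc or dex definition.
type Identity struct {
	ID, Email   string
	OtherClaims map[string]interface{} // populated by a connector
}

// reserved lists ID Token claims the IdP itself must control (OIDC Core).
var reserved = map[string]bool{
	"iss": true, "sub": true, "aud": true, "exp": true, "iat": true,
	"nonce": true, "auth_time": true, "azp": true, "acr": true, "amr": true,
}

// BuildClaims merges connector-supplied claims into the token claims.
// Reserved or already-set names are never overwritten; they are reported in rejected.
func BuildClaims(issuer, clientID string, iat, exp int64, id Identity) (map[string]interface{}, []string) {
	claims := map[string]interface{}{
		"iss": issuer, "sub": id.ID, "aud": clientID, "iat": iat, "exp": exp,
	}
	if id.Email != "" {
		claims["email"] = id.Email
	}
	var rejected []string
	for k, v := range id.OtherClaims {
		if _, set := claims[k]; set || reserved[k] {
			rejected = append(rejected, k)
			continue
		}
		claims[k] = v
	}
	sort.Strings(rejected) // map iteration order is random; keep output stable
	return claims, rejected
}

func main() {
	// Constructed sample: a connector that returns one benign and two reserved claims.
	id := Identity{ID: "user-123", Email: "a@example.com", OtherClaims: map[string]interface{}{
		"groups": []string{"ops"}, "sub": "admin", "exp": int64(9999999999),
	}}
	claims, rejected := BuildClaims("https://idp.example.com", "client-1", 1000, 4600, id)
	fmt.Println(claims["sub"], claims["groups"], rejected)
}
```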
