Dear everyone. I have tried to set up the extension towards Azure AD using OIDC.
In that context I have a few questions:
- It seems the extension now supports JWT (according to this page https://fiware-ckan-extensions.readthedocs.io/en/latest/installation-administration-guide.html). So this fits OIDC nicely. Can you confirm this?
- Given that JWT is supported, is there any point in keeping the user info endpoint? I think with the scope of `oidc profile email` we have everything we need for CKAN?
- Looking at the code, it seems you fetch the user information from the access token. But with OIDC we can also get the ID token, and I would rather fetch that information from there.
- Is there an OIDC example using this plugin somewhere where we know the connection has been successful?
- Does CKAN support `@` in user names?

Given that OIDC is rather strictly defined and that it supports discovery as well, would it make sense to make a new plugin, or at least add a mode for OIDC only and get rid of the legacy stuff? Maybe fork this plugin and utilize https://github.com/rohe/pyoidc or something along those lines? Do you know if anyone is working on something like this?
Thanks a lot for the work you have done on this plugin.