Generic OIDC Provider - ID Token

[SvenC56]

Hi all,

I just tried to integrate Kratos into our existing OIDC landscape. I already tried it with google and it worked fine. Now I want to integrate it into our internal IdP solution.
I was wondering if Kratos is reaching out to the Userinfo endpoint, or if it is using the ID JWT Token to get the claims?
Our companys solution is providing sensitive data inside the JWT ID Token like memberOf.
I was also wondering if it is possible to debug the OIDC Callback response, to see the returned ID token and maybe better integrate our .jsonnet file?

Thanks!

[SvenC56]

I just found the solution. I needed to access claims.raw_claims:

local claims = {  
    email_verified: true,  
} + std.extVar('claims');  
{  
    identity: {  
        traits: {  
        [if 'email' in claims && claims.email_verified then 'email' else null]: claims.email, 
        first_name: claims.raw_claims.first_name,
        last_name: claims.raw_claims.last_name,
        username: claims.raw_claims.userID, 
        },  
    },  
}