OpenID Connect issue with Azure AD

Hi, I am getting a very similar issue to the OP here. I’m authenticating against NHS.net, which under the hood is Active Directory and probably provided by Azure. I’m using the OIDC plugin and getting the following error:

(oidc) Authentication failure! invalid_credentials: OAuth2::Error,
(the error ends with a comma, and no further data, unlike the OP’s error though)

I’ve tried changing the settings of the authorization and token scope to openid email profile (and these scopes are supported by the OIDC endpoint according to the configuration URL data).

Still getting that same error in the UI: ‘Sorry, there was an error authorizing your account. Please try again.’

I’m not getting any data back from the JWT, it seems. So it’s not quite the same as the ‘missing email field’ issue, but it started with the same error. The only other place on Meta I can find that error (that seems relevant) is the SSL Error during OAuth2 topic. That turned out to be related to an SSL issue (and interestingly NHS.net’s cert does have that issue, which I have reported). But having installed the SSL workaround, the Faraday SSL errors went away. It does still look as though some part of the OpenID Connect flow is broken, though.

Any suggestions on next steps for debugging this?
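As an added debugging aid, not part of the original post or of the Discourse OIDC plugin, the following Python script does offline the two checks the post circles around: whether the scopes being requested are actually advertised in the provider's discovery document, and which claims the ID token carries (in particular whether an `email` claim is present or only a fallback such as `preferred_username`, which Azure AD commonly issues instead). The discovery document and the ID token are constructed samples, not NHS.net data; the issuer URL, claim values and the placeholder signature are assumptions for the demo. The payload decoder deliberately skips signature verification, so it is only for inspecting a captured token, never for making an authentication decision.

```python
import base64
import json

# Constructed sample discovery document (abridged), shaped like a real
# /.well-known/openid-configuration response. Not real NHS.net metadata.
DISCOVERY_DOC = json.dumps({
    "issuer": "https://login.example.test/tenant-id/v2.0",
    "authorization_endpoint": "https://login.example.test/tenant-id/oauth2/v2.0/authorize",
    "token_endpoint": "https://login.example.test/tenant-id/oauth2/v2.0/token",
    "scopes_supported": ["openid", "profile", "email", "offline_access"],
    "claims_supported": ["sub", "iss", "aud", "exp", "iat", "name",
                         "preferred_username", "email"],
})


def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without '=' padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(obj: dict) -> str:
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


def jwt_claims(token: str) -> dict:
    """Decode the payload of a compact JWS WITHOUT verifying the signature.
    Use this only to see what the IdP put in the ID token while debugging."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError(f"expected 3 JWT segments, got {len(parts)}")
    return json.loads(b64url_decode(parts[1]))


def check_scopes(discovery_json: str, requested: str) -> list:
    """Return the requested scopes the provider does not list in scopes_supported."""
    doc = json.loads(discovery_json)
    supported = set(doc.get("scopes_supported", []))
    return [s for s in requested.split() if s not in supported]


# Claims that, in practice, carry an e-mail-shaped identifier when 'email' is absent.
EMAIL_FALLBACKS = ("email", "preferred_username", "upn", "unique_name")


def resolve_email(claims: dict) -> tuple:
    """Pick the first claim usable as an e-mail address and report which one it was."""
    for name in EMAIL_FALLBACKS:
        value = claims.get(name)
        if isinstance(value, str) and "@" in value:
            return name, value
    return None, None


def make_sample_jwt(payload: dict) -> str:
    # Builds a constructed token for the offline demo: real header shape, but the
    # signature segment is a placeholder because nothing here verifies it.
    header = {"alg": "RS256", "typ": "JWT", "kid": "constructed-kid"}
    return f"{b64url_encode(header)}.{b64url_encode(payload)}.c2lnbmF0dXJl"


# Constructed ID token payload: note there is no 'email' claim, only preferred_username.
SAMPLE_CLAIMS = {
    "iss": "https://login.example.test/tenant-id/v2.0",
    "aud": "discourse-client-id",
    "sub": "AAAAAAAAAAAAAAAAAAAAAIk",
    "name": "Example User",
    "preferred_username": "user@example.test",
    "exp": 1700000000,
}
SAMPLE_TOKEN = make_sample_jwt(SAMPLE_CLAIMS)


if __name__ == "__main__":
    missing = check_scopes(DISCOVERY_DOC, "openid email profile")
    print("scopes not advertised by provider:", missing or "none")
    claims = jwt_claims(SAMPLE_TOKEN)
    print("claims present in ID token:", sorted(claims))
    source, email = resolve_email(claims)
    print(f"e-mail resolved from claim {source!r}: {email}")
```

Run against a token captured from the failing flow (for example with the plugin's verbose logging turned on), the "claims present" line tells you whether the token really is empty, as the post suspects, or whether it is simply missing `email` and the plugin needs to be pointed at `preferred_username` instead.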