I’m excited about and appreciate this new OAuth2 plugin, but I have to admit I’m a little disappointed that you stopped short of fully implementing OpenID Connect (OIDC).
I’m not yet an expert on OIDC, so correct me if I’m misunderstanding something… (context: currently working on a custom OIDC provider in Ruby and want to integrate Discourse with it)
It seems like the one major piece that OIDC adds to OAuth2 is the userinfo endpoint, whose purpose is to solve exactly the same problem that the custom user info JSON endpoint described in your docs is intended to do. But I don’t understand why you would implement a standard (OAuth2) and then make it depend on a custom extension (your user info endpoint) instead of defaulting to the other standard that provides a spec for that function (OIDC).
Is there a reason it had to be that way? And if not, are you open to moving this plugin towards OIDC compliance, or will I need to implement another plugin for that (perhaps building on yours)?