_When using the datastore module authentication is case insensitive as per the LDAP schema. So for instance, the user can authenticate with "USER.1" even though the user in the datastore is stored as "user.1". When using OIDC however and requesting a token, the case of the authentication request is used to populate the sub claim. OIDC spec states that the sub claim is case sensitive (http://openid.net/specs/openid-connect-core-1_0.html#IDToken)._
- Setup the OIDC provider and client
- Using implicit flow, request an OIDC token:
3. Decode the id_token (jwt.io):
Use of the LDAP authentication module rather than the datastore module, which is recommended best practice anyway.