Bug
Resolution: Done
Blocker
quay-v3.11.0
False
False
Proposed
Description:
This is an issue with the new Quay 3.11 feature "Allow team synchronization via OIDC on Azure". As the title mentions, Quay 3.11 should support syncing team members from Microsoft Azure Entra ID OIDC groups, but the current design requires a config called "PREFERRED_GROUP_CLAIM_NAME: groupNames". That means the target OIDC client should be able to configure the OIDC client mapper and support defining the "Token Claim Name", but this does not exist in Azure Entra ID. Please review this issue.
Quay: quay-operator-bundle-container-v3.11.0-22
Quay new feature: https://issues.redhat.com/browse/PROJQUAY-6138
Example of Quay config.yaml:
AUTHENTICATION_TYPE: OIDC
FEATURE_TEAM_SYNCING: true
FEATURE_NONSUPERUSER_TEAM_SYNCING_SETUP: true
AZUREID_LOGIN_CONFIG:
  CLIENT_ID: d38adba5-f32e-4342-b57e-bc0e6dcc4fbe
  CLIENT_SECRET: ******
  LOGIN_SCOPES: [ 'openid', 'roles' ]
  PREFERRED_GROUP_CLAIM_NAME: groupNames
  OIDC_SERVER: https://login.microsoftonline.com/250926f3-c788-4a52-acfa-e3aac5386ac1/v2.0/
  SERVICE_NAME: AzureAD
Red Hat SSO Keycloak Server:
Microsoft Azure Entra ID OIDC Client: