Feature Request
Resolution: Unresolved
Major
quay-3.14
Product / Portfolio Work
1. Proposed title of this feature request
Quay - Support distributed claims for OIDC providers
2. What is the nature and description of the request?
The customer uses OIDC groups with Quay. Users that are in more than 200 groups (when using Microsoft Entra as the IdP) are required to use the distributed claims standard (https://openid.net/specs/openid-connect-core-1_0.html#AggregatedDistributedClaims) to retrieve the groups a user is a member of. Quay does not presently support this, causing these users to not have the groups claim.
This is a non-Microsoft specific standard that should be adhered to for all OIDC providers.
3. Why does the customer need this? (List the business requirements here)
We have many, many users in our Microsoft Entra Tenant (over 1 million), and about 192,000 groups in our environment. How many users have greater than 200 groups is difficult to say - however, it is enough that this is regularly becoming an issue for our users.
Expectation
Distributed claims is part of the OIDC standard, so my expectation would be that this works consistently across OIDC providers.
4. List any affected packages or components.
- is related to: PROJQUAY-10265 [RFE]Quay - Support distributed claims for OIDC providers (Closed)
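Added example, not part of the original request and not Quay's code: how a relying party could resolve the groups claim when the token carries it as a distributed claim through the `_claim_names` and `_claim_sources` members defined in the OIDC Core section linked above. The sample token, the `idp.example` host, the host allowlist and the `fetch` callback are assumptions made for illustration.

```python
from urllib.parse import urlparse

# Constructed sample: ID token payload (signature already verified) for a user
# whose groups were moved out of the token into a distributed claim.
SAMPLE_CLAIMS = {
    "sub": "user-1",
    "_claim_names": {"groups": "src1"},
    "_claim_sources": {
        "src1": {"endpoint": "https://idp.example/users/user-1/groups",
                 "access_token": "constructed-token"}
    },
}


def resolve_groups(claims, fetch, allowed_hosts):
    """Return the user's groups, following a distributed claim when present.

    fetch(endpoint, access_token) is a hypothetical caller-supplied function
    that queries the claim source and returns the claims it holds as a dict.
    """
    if "groups" in claims:  # ordinary case: groups inline in the token
        return list(claims["groups"])

    source_name = claims.get("_claim_names", {}).get("groups")
    if source_name is None:
        return []  # the token references no groups at all

    source = claims.get("_claim_sources", {}).get(source_name)
    if not isinstance(source, dict) or "endpoint" not in source:
        # Missing source, or an aggregated claim ("JWT" member), not handled here.
        raise ValueError(f"no distributed source for {source_name!r}")

    # The endpoint comes from the token, so restrict where the server will call.
    url = urlparse(source["endpoint"])
    if url.scheme != "https" or url.hostname not in allowed_hosts:
        raise ValueError(f"claim source endpoint not allowed: {source['endpoint']}")

    remote = fetch(source["endpoint"], source.get("access_token"))
    return list(remote.get("groups", []))
```

A client that only reads `claims["groups"]` sees no groups for such a user, which is the behaviour this request describes.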