Bug
Resolution: Unresolved
Minor
rhel-9.4
rhel-sst-idm-ipa
ssg_idm
It is not possible to set a string on a Kerberos principal that includes double quotes. All commands that expect a string use double quotes for quoting and do not allow escaping of the double quotes. This makes it impossible to set quoted JSON content, because the JSON format only allows double quotes (") around strings and not single quotes (').
The internal MIT Kerberos JSON processor works with single quotes just fine, but external libraries do not, because the JSON RFC explicitly defines the quoting character as ("). As a result, it is not possible to manually set a JSON string on the Kerberos principal to allow SSSD idp or passkey pre-authentication methods to work with such strings.
kadmin.local: set_string idpuser idp '[{"type":"oauth2","indicators":["idp"]}]'
Attribute set for principal "idpuser@MACH.EXAMPLE.TEST".
kadmin.local: get_strings idpuser
idp: '[{type:oauth2,indicators:[idp]}]'
See https://www.rfc-editor.org/rfc/rfc8259#section-7 for the JSON format details.
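A check for the symptom in the session above, added here as an example and not part of the original report or of MIT Kerberos: it reads get_strings output and flags any string attribute that is shaped like JSON but no longer parses because its double quotes were dropped. The function names and the INTENDED sample line are assumptions made for illustration.

```python
import json

# Constructed samples: the get_strings line from the session above, and a
# hypothetical line showing the value the reporter meant to store.
MANGLED = "idp: '[{type:oauth2,indicators:[idp]}]'"
INTENDED = 'idp: [{"type":"oauth2","indicators":["idp"]}]'


def parse_string_attr(line):
    """Split one 'key: value' line of get_strings output into (key, value)."""
    key, _, value = line.partition(": ")
    value = value.strip()
    # The session above shows the value wrapped in single quotes; drop one pair.
    if len(value) >= 2 and value[0] == value[-1] == "'":
        value = value[1:-1]
    return key.strip(), value


def classify(value):
    """Return 'json', 'mangled-json' or 'plain' for a string attribute value."""
    try:
        json.loads(value)  # rejects unquoted and single-quoted strings
        return "json"
    except json.JSONDecodeError:
        pass
    # Bracketed like a JSON array or object, yet it did not parse.
    structured = value[:1] in ("[", "{") and value[-1:] in ("]", "}")
    return "mangled-json" if structured else "plain"


def check_output(text):
    """Map each attribute name in get_strings output to its classification."""
    report = {}
    for line in text.splitlines():
        if ": " not in line:
            continue  # skip anything that is not a 'key: value' line
        key, value = parse_string_attr(line)
        report[key] = classify(value)
    return report


if __name__ == "__main__":
    for sample in (MANGLED, INTENDED):
        print(sample, "->", check_output(sample))
```

Any attribute reported as mangled-json would be rejected by a consumer that parses it with a standard JSON library.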