The documentation states that custom SAML attributes and OIDC claims can be added to the JWT if the identity provider supports this.
The Azure AD integration supports fetching group data, so it should be relatively easy to allow adding some group data to the JWT token as well - however, I couldn’t find any options there.
I know I could fetch the whole user identity by sending the CF_Authorization cookie to the Cloudflare API (see documentation); however, it would be much easier to directly add a few selected attributes to the JWT. This would also be more secure, since the application would not need to be allowed to make outbound connections.
Are there any plans to support this or am I missing something?