I’m attempting to set up auth for my project in weweb using the OpenID plugin. I’m using the Authorization Code Flow + PKCE protocol by setting response_type code in the plugin, it will exchange the code for an id_token and access_token. This operation is successful, but the plugin does not expose these tokens unless the user object exists. It seems that the plugin attempts to read userinfo from the /openid/userinfo that it retrieves from well-known configuration endpoint. However, in Microsoft Entra ID, this endpoint is not supposed to be call by js clients, and hence crashes with 400 due to CORS.
Why can’t I access the tokens that I successfully received? Is someone maintaining the OpenID plugin?