I tried to integrate Authentik Identity Provider and Jmix for OpenID Connect. Jmix-Version: 2.2.3.
When defining the roles-property in Authentik as { “roles”: “system-full-access” } (a result value of String type) my jmix-application was missing a result value for the roles-claim when returning from Login. Eventually I found out that the Add-On is expecting to get a collection from the provider (see DefaultClaimsRolesMapper.java). After switching the data type in Authentik from String to List, Jmix and Authentik worked together smoothly.
I propose to explicitly state in the documentation of the Add-On, that the OIDC-provider should be configured accordingly. Or: the Add-On should accept scalar values for the roles-claim as well.