I'd like to integrate Identity Platform with Apache's mod_auth_openidc to provide SSO on a site. However, I'm having trouble understanding how to do this, or even if it's possible.
I can get basic 'Sign in with Google' functionality by creating a Google app, with OAuth 2.0 Credentials, and this works by sending a JWT back to Apache on the server. However, this isn't good enough, since I need to add custom claims for the users to enable permissions-based access to different parts of the site. This means, I think, that I have to use Identity Platform and create and manage the users myself.
The problem is that Identity Platform doesn't seem to be JWT/OAuth-based, and instead expects you to use client-side JavaScript to authorise (signInWithEmailAndPassword, etc.). Is this right, or can I persuade Identity Platform to send a JWT back to Apache?