Exactly. Happy to provide more details / logs if you tell me what exactly would help (e.g. output of a certain XWiki logger, full thread dump etc.). We even disabled all side panels.
xwiki.cfg:
xwiki.authentication.authclass=org.xwiki.contrib.oidc.auth.OIDCAuthServiceImpl
xwiki.properties:
nothing
page with object of class XWiki.OIDC.ClientConfigurationClass:
This is the xml of the exported object (I just removed Google client id and secret):
<object>
<name>GoogleSSOConfig</name>
<number>0</number>
<className>XWiki.OIDC.ClientConfigurationClass</className>
<guid>680745ea-d673-4bc2-b408-a7bf1f58920c</guid>
<class>
<name>XWiki.OIDC.ClientConfigurationClass</name>
<customClass/>
<customMapping/>
<defaultViewSheet/>
<defaultEditSheet/>
<defaultWeb/>
<nameField/>
<validationScript/>
<authorizationEndpoint>
<disabled>0</disabled>
<name>authorizationEndpoint</name>
<number>7</number>
<prettyName>Authorization OIDC endpoint</prettyName>
<size>255</size>
<unmodifiable>0</unmodifiable>
<classType>com.xpn.xwiki.objects.classes.StringClass</classType>
</authorizationEndpoint>
<clientId>
<disabled>0</disabled>
<name>clientId</name>
<number>11</number>
<prettyName>Client ID</prettyName>
<size>255</size>
<unmodifiable>0</unmodifiable>
<classType>com.xpn.xwiki.objects.classes.StringClass</classType>
</clientId>
<clientSecret>
<disabled>0</disabled>
<name>clientSecret</name>
<number>12</number>
<prettyName>Secret</prettyName>
<size>255</size>
<unmodifiable>0</unmodifiable>
<classType>com.xpn.xwiki.objects.classes.StringClass</classType>
</clientSecret>
<configurationName>
<disabled>0</disabled>
<name>configurationName</name>
<number>1</number>
<prettyName>Configuration name</prettyName>
<size>255</size>
<unmodifiable>0</unmodifiable>
<classType>com.xpn.xwiki.objects.classes.StringClass</classType>
</configurationName>
<groupsClaim>
<disabled>0</disabled>
<name>groupsClaim</name>
<number>2</number>
<prettyName>Group claim</prettyName>
<size>255</size>
<unmodifiable>0</unmodifiable>
<classType>com.xpn.xwiki.objects.classes.StringClass</classType>
</groupsClaim>
<idTokenClaims>
<cache>0</cache>
<disabled>0</disabled>
<displayType>input</displayType>
<freeText>forbidden</freeText>
<largeStorage>0</largeStorage>
<multiSelect>1</multiSelect>
<name>idTokenClaims</name>
<number>20</number>
<prettyName>ID Token Claims</prettyName>
<relationalStorage>0</relationalStorage>
<separator>|</separator>
<separators>|,</separators>
<size>5</size>
<unmodifiable>0</unmodifiable>
<values/>
<classType>com.xpn.xwiki.objects.classes.StaticListClass</classType>
</idTokenClaims>
<logoutEndpoint>
<disabled>0</disabled>
<name>logoutEndpoint</name>
<number>10</number>
<prettyName>Logout OIDC endpoint</prettyName>
<size>255</size>
<unmodifiable>0</unmodifiable>
<classType>com.xpn.xwiki.objects.classes.StringClass</classType>
</logoutEndpoint>
<logoutEndpointMethod>
<disabled>0</disabled>
<name>logoutEndpointMethod</name>
<number>16</number>
<prettyName>Logout endpoint method</prettyName>
<size>255</size>
<unmodifiable>0</unmodifiable>
<classType>com.xpn.xwiki.objects.classes.StringClass</classType>
</logoutEndpointMethod>
<logoutMechanism>
<disabled>0</disabled>
<name>logoutMechanism</name>
<number>17</number>
<prettyName>Logout mechanism</prettyName>
<size>255</size>
<unmodifiable>0</unmodifiable>
<classType>com.xpn.xwiki.objects.classes.StringClass</classType>
</logoutMechanism>
<scope>
<cache>0</cache>
<disabled>0</disabled>
<displayType>input</displayType>
<freeText>forbidden</freeText>
<largeStorage>0</largeStorage>
<multiSelect>1</multiSelect>
<name>scope</name>
<number>19</number>
<prettyName>Scope</prettyName>
<relationalStorage>0</relationalStorage>
<separator>|</separator>
<separators>|,</separators>
<size>5</size>
<unmodifiable>0</unmodifiable>
<values/>
<classType>com.xpn.xwiki.objects.classes.StaticListClass</classType>
</scope>
<skipped>
<disabled>0</disabled>
<displayFormType>select</displayFormType>
<displayType>select</displayType>
<name>skipped</name>
<number>18</number>
<prettyName>Is authentication skipped ?</prettyName>
<unmodifiable>0</unmodifiable>
<classType>com.xpn.xwiki.objects.classes.BooleanClass</classType>
</skipped>
<tokenEndpoint>
<disabled>0</disabled>
<name>tokenEndpoint</name>
<number>8</number>
<prettyName>Token OIDC endpoint</prettyName>
<size>255</size>
<unmodifiable>0</unmodifiable>
<classType>com.xpn.xwiki.objects.classes.StringClass</classType>
</tokenEndpoint>
<tokenEndpointMethod>
<disabled>0</disabled>
<name>tokenEndpointMethod</name>
<number>13</number>
<prettyName>Token endpoint authentication method</prettyName>
<size>255</size>
<unmodifiable>0</unmodifiable>
<classType>com.xpn.xwiki.objects.classes.StringClass</classType>
</tokenEndpointMethod>
<userInfoClaims>
<cache>0</cache>
<disabled>0</disabled>
<displayType>input</displayType>
<freeText>forbidden</freeText>
<largeStorage>0</largeStorage>
<multiSelect>1</multiSelect>
<name>userInfoClaims</name>
<number>21</number>
<prettyName>User info Claims</prettyName>
<relationalStorage>0</relationalStorage>
<separator>|</separator>
<separators>|,</separators>
<size>5</size>
<unmodifiable>0</unmodifiable>
<values/>
<classType>com.xpn.xwiki.objects.classes.StaticListClass</classType>
</userInfoClaims>
<userInfoEndpoint>
<disabled>0</disabled>
<name>userInfoEndpoint</name>
<number>9</number>
<prettyName>User info OIDC endpoint</prettyName>
<size>255</size>
<unmodifiable>0</unmodifiable>
<classType>com.xpn.xwiki.objects.classes.StringClass</classType>
</userInfoEndpoint>
<userInfoEndpointHeaders>
<cache>0</cache>
<disabled>0</disabled>
<displayType>input</displayType>
<freeText>forbidden</freeText>
<largeStorage>0</largeStorage>
<multiSelect>1</multiSelect>
<name>userInfoEndpointHeaders</name>
<number>15</number>
<prettyName>User info endpoint headers</prettyName>
<relationalStorage>0</relationalStorage>
<separator>|</separator>
<separators>|,</separators>
<size>5</size>
<unmodifiable>0</unmodifiable>
<values/>
<classType>com.xpn.xwiki.objects.classes.StaticListClass</classType>
</userInfoEndpointHeaders>
<userInfoEndpointMethod>
<disabled>0</disabled>
<name>userInfoEndpointMethod</name>
<number>14</number>
<prettyName>User information endpoint method</prettyName>
<size>255</size>
<unmodifiable>0</unmodifiable>
<classType>com.xpn.xwiki.objects.classes.StringClass</classType>
</userInfoEndpointMethod>
<userInfoRefreshRate>
<disabled>0</disabled>
<name>userInfoRefreshRate</name>
<number>22</number>
<numberType>integer</numberType>
<prettyName>User info refresh rate</prettyName>
<size>5</size>
<unmodifiable>0</unmodifiable>
<classType>com.xpn.xwiki.objects.classes.NumberClass</classType>
</userInfoRefreshRate>
<userMapping>
<cache>0</cache>
<disabled>0</disabled>
<displayType>input</displayType>
<freeText>forbidden</freeText>
<largeStorage>0</largeStorage>
<multiSelect>1</multiSelect>
<name>userMapping</name>
<number>5</number>
<prettyName>User mapping</prettyName>
<relationalStorage>0</relationalStorage>
<separator>|</separator>
<separators>|,</separators>
<size>5</size>
<unmodifiable>0</unmodifiable>
<values/>
<classType>com.xpn.xwiki.objects.classes.StaticListClass</classType>
</userMapping>
<userNameFormatter>
<disabled>0</disabled>
<name>userNameFormatter</name>
<number>4</number>
<prettyName>XWiki username formatter</prettyName>
<size>255</size>
<unmodifiable>0</unmodifiable>
<classType>com.xpn.xwiki.objects.classes.StringClass</classType>
</userNameFormatter>
<userSubjectFormatter>
<disabled>0</disabled>
<name>userSubjectFormatter</name>
<number>3</number>
<prettyName>Subject formatter</prettyName>
<size>255</size>
<unmodifiable>0</unmodifiable>
<classType>com.xpn.xwiki.objects.classes.StringClass</classType>
</userSubjectFormatter>
<xwikiProvider>
<disabled>0</disabled>
<name>xwikiProvider</name>
<number>6</number>
<prettyName>XWiki provider</prettyName>
<size>255</size>
<unmodifiable>0</unmodifiable>
<classType>com.xpn.xwiki.objects.classes.StringClass</classType>
</xwikiProvider>
</class>
<property>
<authorizationEndpoint>https://accounts.google.com/o/oauth2/v2/auth</authorizationEndpoint>
</property>
<property>
<clientId>xxx</clientId>
</property>
<property>
<clientSecret>yyy</clientSecret>
</property>
<property>
<configurationName>default</configurationName>
</property>
<property>
<groupsClaim></groupsClaim>
</property>
<property>
<idTokenClaims/>
</property>
<property>
<logoutEndpoint>https://oauth2.googleapis.com/revoke</logoutEndpoint>
</property>
<property>
<logoutEndpointMethod></logoutEndpointMethod>
</property>
<property>
<logoutMechanism></logoutMechanism>
</property>
<property>
<scope>
<value>openid</value>
<value>profile</value>
<value>email</value>
</scope>
</property>
<property>
<skipped>0</skipped>
</property>
<property>
<tokenEndpoint>https://oauth2.googleapis.com/token</tokenEndpoint>
</property>
<property>
<tokenEndpointMethod></tokenEndpointMethod>
</property>
<property>
<userInfoClaims/>
</property>
<property>
<userInfoEndpoint>https://openidconnect.googleapis.com/v1/userinfo</userInfoEndpoint>
</property>
<property>
<userInfoEndpointHeaders/>
</property>
<property>
<userInfoEndpointMethod></userInfoEndpointMethod>
</property>
<property>
<userInfoRefreshRate/>
</property>
<property>
<userMapping/>
</property>
<property>
<userNameFormatter>${oidc.user.email}</userNameFormatter>
</property>
<property>
<userSubjectFormatter>${oidc.user.email}</userSubjectFormatter>
</property>
<property>
<xwikiProvider></xwikiProvider>
</property>
</object>
This config works.
What did not work, as said, was to remove that xwiki page and instead insert the following into xwiki.properties:
oidc.endpoint.authorization=https://accounts.google.com/o/oauth2/v2/auth
oidc.clientid=xxx
oidc.secret=yyy
oidc.groups.claim=
oidc.idtokenclaims=
oidc.endpoint.logout=https://oauth2.googleapis.com/revoke
oidc.scope=openid,profile,email
oidc.endpoint.token=https://oauth2.googleapis.com/token
oidc.userinfoclaims=
oidc.endpoint.userinfo=https://openidconnect.googleapis.com/v1/userinfo
oidc.user.mapping=
oidc.user.nameFormater=${oidc.user.email}
oidc.user.subjectFormater=${oidc.user.email}
It would then send the custom claims, although they are set to NULL, filled in a rather meaningless way like {"id_token":{"":null},"userinfo":{"":null}}.
The parameters are the same as in the page object so the treatment must be different at some point. We also tried completely leaving out these claim params (like oidc.userinfoclaims) from the xwiki.properties, which did not change the result.
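A way to check what actually leaves the wiki, added here as an example and not part of the original post or of the OIDC authenticator's code: it decodes the `claims` parameter of a captured authorization request and reports entries that do not fit the OpenID Connect claims-request shape, such as the empty claim names quoted above. The function name `audit_claims` and the `redirect_uri` value are assumptions made for the sample.

```python
import json
from urllib.parse import parse_qs, urlencode, urlsplit

# Claims value quoted in the post; the rest of the URL is constructed sample data.
CLAIMS_FROM_POST = '{"id_token":{"":null},"userinfo":{"":null}}'
SAMPLE_URL = "https://accounts.google.com/o/oauth2/v2/auth?" + urlencode({
    "response_type": "code",
    "client_id": "xxx",
    "scope": "openid profile email",
    "redirect_uri": "https://wiki.example.org/oidc/callback",  # placeholder
    "claims": CLAIMS_FROM_POST,
})


def audit_claims(auth_url):
    """Return findings for the `claims` parameter of an OIDC authorization URL."""
    query = parse_qs(urlsplit(auth_url).query, keep_blank_values=True)
    if "claims" not in query:
        return []  # no individual claims requested, nothing to audit
    try:
        claims = json.loads(query["claims"][0])
    except json.JSONDecodeError as exc:
        return [f"claims is not valid JSON: {exc.msg}"]
    if not isinstance(claims, dict):
        return ["claims is not a JSON object"]

    findings = []
    for target, requested in claims.items():
        # OIDC Core defines only these two top-level members.
        if target not in ("id_token", "userinfo"):
            findings.append(f"non-standard top-level member {target!r}")
            continue
        if not isinstance(requested, dict):
            findings.append(f"{target}: not a JSON object")
            continue
        for name, spec in requested.items():
            if not name.strip():
                findings.append(f"{target}: empty claim name")
            elif spec is not None and not isinstance(spec, dict):
                findings.append(f"{target}.{name}: value must be null or an object")
    return findings


if __name__ == "__main__":
    for finding in audit_claims(SAMPLE_URL):
        print(finding)
```

Running the same check against the request produced by the working page-object configuration shows whether the `claims` parameter is absent there or merely well formed.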