It is a common problem for identity providers and their users that they do not have a strict definition of claims aside from a generic read/write.
Otherwise the user would get a giant prompt upon first use about which claims are needed to proceed. If that takes hold, people will just click away the message and third party logon would be as vulnerable to phishing than conventional logins.
Otherwise it is nice to have an API that almost can do anything. I think this is the strategy of GitHub, to provide a service beyond the user login and also serve as infrastructure.
Otherwise the user would get a giant prompt upon first use about which claims are needed to proceed. If that takes hold, people will just click away the message and third party logon would be as vulnerable to phishing than conventional logins.
Otherwise it is nice to have an API that almost can do anything. I think this is the strategy of GitHub, to provide a service beyond the user login and also serve as infrastructure.