Today, the authorizationClaim field of the OIDC IdP configuration is mandatory, and the server expects this claim to exist in all access tokens that are presented to it for authentication. It is used to determine the direct set of groups that the user is a member of, which are then mapped to MongoDB roles.

This ticket will introduce a new IdP configuration field called useAuthorizationClaim that is defaulted to true. When it is toggled to false, authorizationClaim will be optional and the server will instead authorize the user via a user document if it is not specified.