The authority mapper used in OIDCAuthenticationProvider only has access to 'sub' and 'issuer'.

Granted authorities may be based on additional information returned from the user info endpoint (such as role/privileges information; see also discussion here: #681).

I propose to also make the user info available to the authority mapper (e.g. by adding the user info to the SubjectIssuerGrantedAuthority).