Add more control over on the user creation for users that doesn't already exist in the users collection

[yaronuliel]

When a user pass the authentication level, while it doesn't exist in the users collection - currently the plugin creates a new user in the collection without much control (aside from the collection config)

It would be great if we could completely disable the missing user create via plugin config (sometimes authorization is fully managed inside the app, while only the authentication step is manages in the external identity provider).

Also, it would make sense to be able to pass a callback function that receives the JWTUser object and returns the properties of the new user to create (while returning null means - don't create user or something like that)

[WilsonLe]

Also, it would make sense to be able to pass a callback function that receives the JWTUser object and returns the properties of the new user to create (while returning null means - don't create user or something like that)

Maybe I misunderstood but isn't that's what the configurable getUserInfo does?

[yaronuliel]

Also, it would make sense to be able to pass a callback function that receives the JWTUser object and returns the properties of the new user to create (while returning null means - don't create user or something like that)

Maybe I misunderstood but isn't that's what the configurable getUserInfo does?

getUserInfo is used as a way to extract information from accessToken (which requires additional, IDP specific work) - while in my suggestion - you should take the already extracted information from the accessToken and be able to massage it before it is being stored on the user.
My suggestion also adds the important ability to cancel the login process / user search by returning NULL. in some cases you might want the process to stop due to internal system configuration though the external login passed successfuly - (authentication vs authorization)