Hi Sascha,
Thank you for all the details, and thanks you brought up the LookUp Extension topic in.
1. Yes the Client is registered with scope = openid thru Oauth/Manager.
I verified that the scope value reflected in the oauth_token table of OTK DB.
Client Using the Spring Security Module & configuration what a regular Oauth follows.
In the logs the Client sees there is a response from UserInfo, but when trying to invoke getScope it returns null. From OTK DB also i see that the response_type=authorization_code.
2. We did extend the OTK User Attribute Lookup Extension to include the attributes from Identity Provider. But happen to see that MAS.MasUsePlugin donot reflect the data from Identity Provider, and all the time its the static profie " Darth Vader ".