We need the ability to configure OAuth and OIDC with grant revocation as writeable attribute on any user store. This is the attribute that has the default name nidsOAuthGrant. At our major NAM customer we use two user stores, AD and eDirectory, and have configured virtual attributes in NAM to allow claims to be pulled from either directory. Our NAM Identity Servers only have read permission to AD, and read/write to eDirectory. Because nidsOAuthGrant must be writeable, we can’t hold it in AD. Because authentication begins with AD, NAM seems to require nidsOAuthGrant to be defined as an LDAP attribute in AD. Please can we hold it in eDirectory, perhaps as a virtual attribute or similar method?