Description
There are cases where additional data needs to be assigned to users and groups and should be accessible to admins of the local system. For example, @ajm370 wants to have shared user and group IDs on all systems using authd, and wants to achieve that by setting IDs via directory extensions, then reading those once the user has logged in and using authctl to change the user/group ID to the one from the directory extension (once authctl supports that). See #630 (comment) and the discussion following that comment.
The directory extension attributes of user objects can already be stored in the token.json file, by emitting them as claims in the ID token (which is stored in JWT format in the RawIDToken field of token.json): https://learn.microsoft.com/en-us/entra/identity-platform/schema-extensions
Directory extension attributes of groups are part of the group object which we already fetch via the Microsoft Graph API. A small patch is necessary to also store those in the token.json.
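As an added illustration (not authd's own code, and not part of this issue), the block below shows how directory extension claims surface in the ID token stored in token.json and how an admin-side tool could read them back. It assumes only what the page states (a `RawIDToken` field holding a compact JWT) plus Entra's documented naming pattern for directory extension attributes, `extension_<appId without dashes>_<attributeName>`; the JSON field tag, the application ID and the `posixUid`/`posixGid` attribute names and values are constructed for the example. It deliberately does not verify the JWT signature: the token has already been validated by authd at login, and this reads it from the local file afterwards, which is the situation the issue describes.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// tokenFile mirrors the one field of token.json this example reads.
// The field name comes from the issue; the JSON tag is an assumption.
type tokenFile struct {
	RawIDToken string `json:"RawIDToken"`
}

// extensionPrefix is the prefix Entra uses for directory extension attribute
// names in tokens and Graph objects: extension_<appId without dashes>_<name>.
const extensionPrefix = "extension_"

// decodeJWTClaims returns the claims from the payload segment of a compact JWT.
// It does NOT verify the signature: this reads a token authd has already
// validated at login and stored locally, it does not authenticate anything.
func decodeJWTClaims(rawJWT string) (map[string]any, error) {
	parts := strings.Split(rawJWT, ".")
	if len(parts) != 3 {
		return nil, fmt.Errorf("expected 3 JWT segments, got %d", len(parts))
	}
	payload, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return nil, fmt.Errorf("decoding payload: %w", err)
	}
	var claims map[string]any
	if err := json.Unmarshal(payload, &claims); err != nil {
		return nil, fmt.Errorf("parsing claims: %w", err)
	}
	return claims, nil
}

// ExtensionAttributes parses token.json content and returns only the directory
// extension claims, keyed by attribute name with extension_<appId>_ stripped.
// Non-extension claims (sub, iss, ...) are left out so callers only see admin data.
func ExtensionAttributes(tokenJSON []byte) (map[string]any, error) {
	var tf tokenFile
	if err := json.Unmarshal(tokenJSON, &tf); err != nil {
		return nil, fmt.Errorf("parsing token.json: %w", err)
	}
	claims, err := decodeJWTClaims(tf.RawIDToken)
	if err != nil {
		return nil, err
	}
	out := map[string]any{}
	for k, v := range claims {
		if !strings.HasPrefix(k, extensionPrefix) {
			continue
		}
		// Strip "extension_" and the application ID segment that follows it.
		rest := strings.TrimPrefix(k, extensionPrefix)
		if i := strings.Index(rest, "_"); i >= 0 {
			rest = rest[i+1:]
		}
		out[rest] = v
	}
	return out, nil
}

// sampleTokenJSON builds a constructed token.json whose RawIDToken is an
// unsigned sample JWT carrying two made-up directory extension claims.
// The all-zero application ID and the posixUid/posixGid names are invented.
func sampleTokenJSON() []byte {
	header := base64.RawURLEncoding.EncodeToString([]byte(`{"alg":"none","typ":"JWT"}`))
	payload := base64.RawURLEncoding.EncodeToString([]byte(`{"sub":"user@example.test",` +
		`"extension_00000000000000000000000000000000_posixUid":12345,` +
		`"extension_00000000000000000000000000000000_posixGid":54321}`))
	jwt := header + "." + payload + "." // empty signature segment: constructed, unsigned
	tj, _ := json.Marshal(tokenFile{RawIDToken: jwt})
	return tj
}

func main() {
	attrs, err := ExtensionAttributes(sampleTokenJSON())
	if err != nil {
		panic(err)
	}
	fmt.Println(attrs) // map[posixGid:54321 posixUid:12345]
}
```

Because `encoding/json` decodes JSON numbers into `float64` when the target is `map[string]any`, a real tool that feeds these values to something like authctl should convert and range-check them before treating them as a UID or GID.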