Right, I wasn't sure if you were referring specifically to the user's profile information on the OIDC server, the other user data stored by the same entity which runs the OIDC server (which is common but not the case for obligator because it's identity-only), or the user's data on the app that they're trying to log into.