Exported Variables can be of type JSON.
Summary
For some use cases it is required, that exported variables are JSON objects / JSON arrays.
My current problem is, that I have a OIDC relying party (Xwiki), which needs the groups given as a JSON array.
See this configuration file of the OIDC authentication plugin of XWiki:
#-# The name of the claim used to get the list of groups the user belong to.
#-# This claim also need to be listed in oidc.userinfoclaims which control if group membership synchronization is enabled or not.
#-#
#-# It's also possible to use a custom property from the userinfo JSON.
#-# For example if the provider send the following JSON for the user info:
#-# {
#-# "sub" : "248289761001",
#-# "name" : "Jane Doe",
#-# "given_name" : "Jane",
#-# "family_name" : "Doe",
#-# "preferred_username" : "j.doe",
#-# "email" : "janedoe@example.com",
#-# "picture" : "http://example.com/janedoe/me.jpg"
#-# "customoject" :
#-# {
#-# "customgroups" : ["group1", "group2"]
#-# }
#-# }
#-# you can use:
# oidc.groups.claim=customoject.customgroups
#-#
#-# The default is:
# oidc.groups.claim=xwiki_groups
I solved the problem for me by adding an exception here for my exported variable group_json. But this is not a long term solution.
Design proposition
Session Variables should be always JSON-Variables.
Importing of the variables has to be changed, to allow for JSON-Variables in OIDC. Also maybe in LDAP, CAS, SAML?.
Manipulation of variables by macros can be changed,
Exporting of the variables also has to be changed. Depending on the JSON-datatype and the protocol different output is needed.
These are many changes, but I do not see an easier way...