diff --git a/pkg/op/discovery.go b/pkg/op/discovery.go
index 8251261..6af1674 100644
--- a/pkg/op/discovery.go
+++ b/pkg/op/discovery.go
@@ -213,32 +213,12 @@ func AuthMethodsRevocationEndpoint(c Configuration) []oidc.AuthMethod {
 }
 func SupportedClaims(c Configuration) []string {
- return []string{ // TODO: config
- "sub",
- "aud",
- "exp",
- "iat",
- "iss",
- "auth_time",
- "nonce",
- "acr",
- "amr",
- "c_hash",
- "at_hash",
- "act",
- "scopes",
- "client_id",
- "azp",
- "preferred_username",
- "name",
- "family_name",
- "given_name",
- "locale",
- "email",
- "email_verified",
- "phone_number",
- "phone_number_verified",
+ provider, ok := c.(*Provider)
+ if ok && provider.config.SupportedClaims != nil {
+ return provider.config.SupportedClaims
 }
+
+ return DefaultSupportedClaims
 }
 func CodeChallengeMethods(c Configuration) []oidc.CodeChallengeMethod {
diff --git a/pkg/op/op.go b/pkg/op/op.go
index 939ebf8..fdc073c 100644
--- a/pkg/op/op.go
+++ b/pkg/op/op.go
@@ -45,6 +45,33 @@ var (
 DeviceAuthorization: NewEndpoint(defaultDeviceAuthzEndpoint),
 }
+ DefaultSupportedClaims = []string{
+ "sub",
+ "aud",
+ "exp",
+ "iat",
+ "iss",
+ "auth_time",
+ "nonce",
+ "acr",
+ "amr",
+ "c_hash",
+ "at_hash",
+ "act",
+ "scopes",
+ "client_id",
+ "azp",
+ "preferred_username",
+ "name",
+ "family_name",
+ "given_name",
+ "locale",
+ "email",
+ "email_verified",
+ "phone_number",
+ "phone_number_verified",
+ }
+
 defaultCORSOptions = cors.Options{
 AllowCredentials: true,
 AllowedHeaders: []string{
@@ -146,6 +173,7 @@ type Config struct {
 GrantTypeRefreshToken bool
 RequestObjectSupported bool
 SupportedUILocales []language.Tag
+ SupportedClaims []string
 DeviceAuthorization DeviceAuthorizationConfig
 }
diff --git a/pkg/op/op_test.go b/pkg/op/op_test.go
index 062fcfe..f97f666 100644
--- a/pkg/op/op_test.go
+++ b/pkg/op/op_test.go
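Review bot: The new body of SupportedClaims bypasses the Configuration interface by asserting `c.(*Provider)`, so any other Configuration implementation (a wrapper, a test double) silently advertises DefaultSupportedClaims no matter what it was configured with, while the neighbouring discovery functions visible here take the interface. Adding a `SupportedClaims() []string` method to Configuration and calling `c.SupportedClaims()` here keeps the discovery document tied to the configuration object actually in use. The `!= nil` test also means an empty non-nil slice is returned as-is (advertising no claims) while nil falls back to the defaults; if that distinction is intended it deserves a comment such as `// nil selects DefaultSupportedClaims; an empty slice advertises no claims`. Note too that a typed-nil `*Provider` passes the assertion with ok true and the following `provider.config` access would then panic.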
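Review bot: DefaultSupportedClaims is an exported package-level slice with no doc comment, and because SupportedClaims in discovery.go returns it directly, any importer that modifies it in place changes the claims the provider advertises process-wide. Either document that the slice is to be treated as read-only, or have the accessor hand out a copy (`return append([]string(nil), DefaultSupportedClaims...)`). The exported name needs a doc comment regardless, e.g. `// DefaultSupportedClaims lists the claims advertised in discovery when Config.SupportedClaims is nil.`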
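Review bot: The new Config.SupportedClaims field carries no comment, and its nil-versus-empty semantics (nil falls back to DefaultSupportedClaims, an empty slice is advertised as-is, as SupportedClaims in discovery.go reads it) cannot be guessed from the type alone. Suggest `// SupportedClaims is the claim list published by the discovery endpoint; nil selects DefaultSupportedClaims.` placed above the field, matching the other fields if they are documented. The Config declaration starts and ends outside this hunk.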
@@ -30,6 +30,7 @@ var (
 AuthMethodPrivateKeyJWT: true,
 GrantTypeRefreshToken: true,
 RequestObjectSupported: true,
+ SupportedClaims: op.DefaultSupportedClaims,
 SupportedUILocales: []language.Tag{language.English},
 DeviceAuthorization: op.DeviceAuthorizationConfig{
 Lifetime: 5 * time.Minute,