So funny enough, that's exactly what I understood of the system. The current oath2 plugin apparently supports connectid and jwt, so that's the easy part.
The problem is, that means the users all have to login once before they exist in the system. This is not good for class management. What I want to know is how I register all my users into the system before hand and either map them to a connectID or when they finally log in have the connect id auto map to the user already registered.