OIDC bound_claims not working if nested JSON

I am authenticating users to Vault using the OIDC method; so far that works. Now I want to limit login permissions to certain groups and I tried using bound_claims for that. Problem is that it only works if bound_claims is a flat string, but not if bound_claims is itself JSON. The returned JSON object looks something like this:

"access": {
  "vault": {
    "roles": ["somerole"]
  }
}

The OIDC role config allows me to set this as a bound_claim which made me think it should work. But on login Vault does not match on the JSON, it always treats the value as a string or a list, even if vault read auth/oidc/role/somerole parses the JSON correctly as maps.

Do I have to customize my IDP so it does not return JSON in the claim or is there a way to make Vault parse the data?
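
Added example, not part of the original post and not Vault's source code: Vault's JWT/OIDC auth documentation states that bound_claims keys support JSON pointer syntax, so the nested list above can be addressed with the key /access/vault/roles rather than by supplying a map as the value. The simplified Python model below shows why a flat key with a map value never matches while the pointer key does; the function names and the sample claims are constructed for illustration.

```python
# Added illustration: a simplified model of bound-claim matching, not Vault's code.

# Constructed sample claims, shaped like the object in the post.
CLAIMS = {"sub": "alice", "access": {"vault": {"roles": ["somerole"]}}}


def resolve_claim(claims, key):
    """Return the claim named by `key`, or None if it is absent.

    Keys starting with "/" are treated as RFC 6901 JSON pointers and walked
    through nested objects; any other key is a top-level lookup only.
    """
    if not key.startswith("/"):
        return claims.get(key)
    node = claims
    for token in key[1:].split("/"):
        token = token.replace("~1", "/").replace("~0", "~")  # RFC 6901 escapes
        if isinstance(node, dict) and token in node:
            node = node[token]
        elif isinstance(node, list) and token.isdigit() and int(token) < len(node):
            node = node[int(token)]
        else:
            return None
    return node


def as_string_list(value):
    """Normalise a claim or bound value to a list of strings; reject maps."""
    items = value if isinstance(value, list) else [value]
    if not all(isinstance(i, str) for i in items):
        return None
    return items


def login_allowed(claims, bound_claims):
    """Every bound claim must share at least one value with the token's claim."""
    for key, expected in bound_claims.items():
        actual = as_string_list(resolve_claim(claims, key))
        wanted = as_string_list(expected)
        if actual is None or wanted is None or not set(actual) & set(wanted):
            return False
    return True
```

In this model, {"/access/vault/roles": "somerole"} admits the login, while {"access": {...}} is rejected because neither side reduces to a string or a list of strings.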