Looking for clarification on Authorization Extension API Groups

I have spent the better part of the day trying to figure out how we can map a group as an owner of a few entities in our DB which ultimately lead me to first getting some claims to pass through about the user. All I am really trying to do is get the groups array to populate within custom claim on the IdToken passed to the client.

The default extension rule is capable of this, but references the groups by name, which strikes me as extremely odd, since anyone with access to the dashboard can manually change a name. Is there intentionality behind this behavior as to why the default behavior isn’t to expose an array of group IDs? It just seems like a major oversight, and it would introduce very brittle behavior in some projects.