Provide a way to change which attribute is mapped to the sub in the access_token/refresh_token.
Usecase is where users are allowed to change their userId(cn) and an internal guid is used to identify a user. Customer would like to be able to configure the sub at the module level and be able to override the general settings at the clientid level.
This is very similar to https://bugster.forgerock.org/jira/browse/OPENAM-7878 however customer would like to be able to update access and refresh token because it should be consistent across the tokens. Because if id_token has different sub than access_token it is a contradiction especially when the authentication sub is to be hidden by replacing with other attribute.