For the documentation team:
The OIDC claims script is now able to override the "sub" claim in the ID Token JWT. Example uses:
- Lower/upper case the user id, for consistency
- Load a different user attribute for the id token, like the email address
- Compute the "sub" as a combination of attributes
- Insert a completely different value, like for Open Banking, by inserting the intent id instead
Note that it was already possible to override the sub if you enabled the option "providerSettings.isAlwaysAddClaimsToToken()".
This Jira therefore makes the sub overridable even if this option is not enabled.
As a reminder, the claims are separated into two categories: the ones for the id token and the ones for the user info endpoint (see the standard).
The option "providerSettings.isAlwaysAddClaimsToToken()" will therefore put all the userinfo claims into the id token anyway, even if the client didn't ask for it.
As you may not want to do this just to override the sub claim, this Jira will now offer you the possibility to still override it, without pushing all the user info claims into it.
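
A JavaScript model of the behaviour described above, added here as an illustration; it is not the product's own code or a real claims script, and every function name, attribute name, the issuer and the sample users are assumptions. It also checks a derived sub against the OIDC Core limit of 255 ASCII characters and reports accounts that a strategy maps to the same sub.

```javascript
// Added model, not product code; every name below is hypothetical.
const ISSUER = "https://issuer.example"; // constructed

// The four "sub" strategies from the list above.
const subStrategies = {
  lowercase: (u) => u.uid.toLowerCase(),
  email: (u) => u.mail,
  composite: (u) => `${u.realm}:${u.uid}`,
  intentId: (u, req) => req.intentId, // Open Banking style
};

// OIDC Core: sub is case sensitive and at most 255 ASCII characters.
function validateSub(sub) {
  if (typeof sub !== "string" || sub.length === 0 || sub.length > 255 || !/^[\x00-\x7f]+$/.test(sub)) {
    throw new Error("invalid sub: " + String(sub));
  }
  return sub;
}

// Stand-in for the claims script: sub plus user info claims.
function claimsScript(u, req, strategy) {
  return { sub: validateSub(subStrategies[strategy](u, req)), name: u.cn, email: u.mail };
}

// alwaysAddClaimsToToken models providerSettings.isAlwaysAddClaimsToToken().
function buildIdToken(u, req, strategy, alwaysAddClaimsToToken) {
  const claims = claimsScript(u, req, strategy);
  const token = { iss: ISSUER, aud: req.clientId, sub: u.uid };
  if (alwaysAddClaimsToToken) return Object.assign(token, claims);
  token.sub = claims.sub; // only the sub override reaches the ID token
  return token;
}

// Distinct accounts that a strategy maps to the same sub (e.g. after lowercasing).
function findSubCollisions(users, req, strategy) {
  const bySub = new Map();
  for (const u of users) {
    const sub = subStrategies[strategy](u, req);
    bySub.set(sub, [...(bySub.get(sub) || []), u.uid]);
  }
  return [...bySub].filter(([, uids]) => uids.length > 1);
}

// Constructed sample data.
const users = [
  { uid: "BJensen", cn: "Barbara Jensen", mail: "bjensen@example.com", realm: "alpha" },
  { uid: "bjensen", cn: "Bob Jensen", mail: "bob.jensen@example.com", realm: "alpha" },
];
const request = { clientId: "client-1", intentId: "intent-7f3a" };
console.log(buildIdToken(users[0], request, "intentId", false));
console.log(findSubCollisions(users, request, "lowercase"));
```

Running the collision check over the user store before switching strategy shows whether two accounts would end up sharing one sub.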