From 228b86f5a3e1cbce58f4b5ee2c0c08fc2ec3472f Mon Sep 17 00:00:00 2001
From: Philippe Loctaux
Date: Wed, 22 Mar 2023 19:11:38 +0100
Subject: [PATCH] openid: same `sub` for all clients
---
crates/openid/src/configuration.rs | 7 +------
1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/crates/openid/src/configuration.rs b/crates/openid/src/configuration.rs
index 512a413..598ee72 100644
--- a/crates/openid/src/configuration.rs
+++ b/crates/openid/src/configuration.rs
@@ -24,12 +24,7 @@ pub fn configuration(base_url: &str) -> Result {
JsonWebKeySetUrl::from_url(jwks_uri),
// Supported response types (flows).
crate::supported_response_types(),
- // For user privacy, the Pairwise subject identifier type is preferred. This prevents
- // distinct relying parties (clients) from knowing whether their users represent the same
- // real identities. This identifier type is only useful for relying parties that don't
- // receive the 'email', 'profile' or other personally-identifying scopes.
- // The Public subject identifier type is also supported.
- vec![CoreSubjectIdentifierType::Pairwise],
+ vec![CoreSubjectIdentifierType::Public],
vec![CoreJwsSigningAlgorithm::RsaSsaPssSha256],
// OpenID Connect Providers may supply custom metadata by providing a struct that
// implements the AdditionalProviderMetadata trait. This requires manually using the
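Review bot: The new `vec![CoreSubjectIdentifierType::Public]` line drops the explanatory comment without replacing it, so nothing in the code records the privacy trade-off this argument now carries. With the public type every client sees the same `sub` for a user, which lets distinct relying parties correlate accounts; I would add a comment above the line such as `// Public subject identifiers: every client receives the same 'sub' for a given user, so relying parties can correlate users across clients.` This hunk only changes the advertised provider metadata, and the code that actually derives `sub` is not visible here, so please confirm the issued tokens match what discovery now announces. If previously issued `sub` values were client-specific, relying parties that stored them may no longer match existing accounts, which would be worth a line in the commit message. The body of `configuration` starts and ends outside this hunk.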