[Idpy-discuss] id_token + sub?

Hi all, As far as I understand, the 'sub' is the standard claim to release a user identifier value when you use OpenID Connect frontend. But even though the subject_id is properly set in the internal request, I can not get the frontend to not change this value when it creates the id_token. Is there a way to do this? Or how do others release the user's identifier using OIDC? I can do it using 'email' or a custom claim, but none of this seems to be The Right Way. However, I'm inclined to think that using 'sub' for the user identifier is overly complex, because I want to be able to populate the subject_id from a SAML2 NameID (on the backend side), which I can only do with a response microservice, but I'm not confident that changing the 'subject_id' in a microservice is a safe and supported operation. Thanks for any insight, Kristof