Technically in an id_token the sub is scoped to iss. This scoping protects user from impersonation by another IDP, portable identities need other solution for achieving this goal e.g by making the subject identifier cryptographically verifiable there are new opportunities to safely seperate out the relationship the End-User has to the provider.
Technically in an id_token the
sub
is scoped toiss
. This scoping protects user from impersonation by another IDP, portable identities need other solution for achieving this goal e.g by making the subject identifier cryptographically verifiable there are new opportunities to safely seperate out the relationship the End-User has to the provider.