Overview#Sub is a Claim used in various Tokens OpenID Connect Identity Token Sub is a Subject Identifier is a locally unique and never re-assigned identifier within the Issuer for the Authenticated Entity, which is intended to be consumed by the OAuth Client. Two Subject Identifier types are defined by OpenID Connect:
- public - provides the same sub (subject) value to all OAuth Client. It is the default if the provider has no subject_types_supported element in its discovery document.
- pairwise - provides a different Sub value to each OAuth Client, so as not to enable OAuth Client to correlate the End-User's activities without permission.
Sub MUST NOT exceed 255 ASCII characters in length.
Sub sub value is a Case-sensitive string.Reserved Claim Name identifies the principal that is the subject of the JSON Web Token.
The processing of this JSON Web Token Claim is generally application specific.
The "Sub" value is a Case-sensitive string containing a StringOrURI value.