From 453f5775902066d6dc5b79022af3ca781022bf2a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?K=C3=A9vin=20Chalet?= <kevinchalet@gmail.com>
Date: Thu, 20 Apr 2023 14:38:56 +0200
Subject: [PATCH] Add "sub" to the list of claims whose type is checked by
 ValidateFrontchannelIdentityTokenWellknownClaims/ValidateBackchannelIdentityTokenWellknownClaims

---
 src/OpenIddict.Client/OpenIddictClientHandlers.cs | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/OpenIddict.Client/OpenIddictClientHandlers.cs b/src/OpenIddict.Client/OpenIddictClientHandlers.cs
index 81617fda..b8b5ae4f 100644
--- a/src/OpenIddict.Client/OpenIddictClientHandlers.cs
+++ b/src/OpenIddict.Client/OpenIddictClientHandlers.cs
@@ -1611,7 +1611,8 @@ public static partial class OpenIddictClientHandlers
             {
                 // The following JWT claims MUST be represented as unique strings.
                 {
-                    Key: Claims.AuthenticationContextReference or Claims.AuthorizedParty or Claims.Issuer or Claims.Nonce,
+                    Key: Claims.AuthenticationContextReference or Claims.AuthorizedParty or
+                         Claims.Issuer or Claims.Nonce or Claims.Subject,
                     Value: List<Claim> values
                 } => values.Count is 1 && values[0].ValueType is ClaimValueTypes.String,
 
@@ -2935,7 +2936,8 @@ public static partial class OpenIddictClientHandlers
             {
                 // The following JWT claims MUST be represented as unique strings.
                 {
-                    Key: Claims.AuthenticationContextReference or Claims.AuthorizedParty or Claims.Issuer or Claims.Nonce,
+                    Key: Claims.AuthenticationContextReference or Claims.AuthorizedParty or
+                         Claims.Issuer or Claims.Nonce or Claims.Subject,
                     Value: List<Claim> values
                 } => values.Count is 1 && values[0].ValueType is ClaimValueTypes.String,