Introspection could use SUB claim for Pure OAuth client Compatibility

[carrvo]

For the introspection endpoint, it only returns the active claim in the identity token but the spec requires more (and so does the underlying OAuth spec).

More specifically, mod_oauth2 requires at least the sub claim. I believe this is so that it can set the user in Apache for other modules to process.

[carrvo]

I am mistaken. It does return more claims in the identity token.
Additionally, the sub claim is neither required for IndieAuth nor OAuth.
However, the sub claim is required to be compatible with mod_oauth2 (a pure OAuth client for Apache).

I would be grateful if this were added; but can be satisfied with it closed without fix.

[carrvo]

Evidence that required fields are implemented can be seen in the test.