support CID used by OIDC AuthN suite from LWS

[elf-pavlik]

https://w3c.github.io/lws-protocol/lws10-authn-openid/#validation

This should be straight forward change, I believe minor adjustment in
https://github.com/CommunitySolidServer/access-token-verifier/blob/3e48daad44ff362a7b872eca695dc3df22c6ad03/src/algorithm/retrieveWebidTrustedOidcIssuers.ts

cc/ @matthieubosquet

[joachimvh]

I think this might break some existing Solid setups. Currently the Solid-OIDC spec doesn't really say anything about what value the sub field should have. For CSS we put the WebID there because it seemed to make most sense, but that might not be the case for all Solid IDPs. This would also reject all WebIDs that have not made that change yet, so this would be a very breaking change. We could potentially add it to the v8 alpha release if that is what you meant. Is there any reason you want to already add this one specific requirement from LWS?

[elf-pavlik]

Since CID has its own conent type https://www.w3.org/TR/cid/#controller-media-type
It should be possible to support both at least to discover issuers.

This issue is mostly intending to start exploration of how complex the transition could be. LWS OIDC suite on it's own also isn't sufficient, I have notes on what might need to be added in https://elf-pavlik.github.io/lws-auth/view/oidc/?dynamic=sequence

Here I would mostly like to focus on trusted oidc issuer validation.

[joachimvh]

So your suggestion is that if the sub value is a CID, then the checks should happen? That seems more fine yes, I was worried about already supporting the MUST part of the spec.