OpenID Conformance: user info endpoint should support get and post requets, not just get

test/controllers/oidc_refresh_token_controller_test.rb

@@ -228,7 +228,11 @@ class OidcRefreshTokenControllerTest < ActionDispatch::IntegrationTest
 
     assert_response :success
     json = JSON.parse(response.body)
-    assert_equal @user.id.to_s, json["sub"]
+
+    # Should return pairwise SID from consent (alice has consent for kavita_app in fixtures)
+    consent = OidcUserConsent.find_by(user: @user, application: @application)
+    expected_sub = consent&.sid || @user.id.to_s
+    assert_equal expected_sub, json["sub"]
     assert_equal @user.email_address, json["email"]
   end
 end

test/fixtures/oidc_user_consents.yml

@@ -5,9 +5,11 @@ alice_consent:
   application: kavita_app
   scopes_granted: openid profile email
   granted_at: 2025-10-24 16:57:39
+  sid: alice-kavita-sid-12345
 
 bob_consent:
   user: bob
   application: another_app
   scopes_granted: openid email groups
   granted_at: 2025-10-24 16:57:39
+  sid: bob-another-sid-67890