13Ara
Which characters are legal in OpenID Connect subject identifiers?
Are any of the "control characters" legal? That is, those in the range 0x00 to 0x1F, legal? For instance, carriage return, line feed, tab, or zero? What about 0x7F?
The OIDC spec just says "The sub value is a case-sensitive string."
Also, which document/spec/RFC defines the set of legal characters?
