how the fuck are modern authentication standards still requiring relying parties send information like usernames and display names without specifying how those can be changed by a user if necessary
straight up going to need to write an entire KB-style article explaining why oauth/OIDC/webauthn make it impossible to do username changes for the IdP i'm writing