oidc-auth-mananger seems to make an invalid assumption that all OIDC Issuers are URIs with an empty path part. if a webid has an OIDC Issuer URI with a path part (like my webid https://zenomt.zenomt.com/card.ttl#me with issuer https://zenomt.com/oidc/), it can never be matched against the id_token iss claim because the discovered issuer URI is reduced to its origin before being compared. see these lines in preferred-provider.js.
OIDC Issuers are allowed to have path parts.
oidc-auth-mananger seems to make an invalid assumption that all OIDC Issuers are URIs with an empty path part. if a webid has an OIDC Issuer URI with a path part (like my webid https://zenomt.zenomt.com/card.ttl#me with issuer https://zenomt.com/oidc/), it can never be matched against the id_token
issclaim because the discovered issuer URI is reduced to its origin before being compared. see these lines in preferred-provider.js.OIDC Issuers are allowed to have path parts.