Tags: oauth-2.0, introspection, pingfederate

OAuth client credential grant and token introspection with Ping


Using Ping as the OAuth authorization server, when introspecting an access token issued with the client credentials grant type, the resulting output does not include the "sub" claim. Is there a way to configure Ping to include some functional ID or technical ID in the "sub" claim?


Solution

  • If you have PingFederate 9.0 and up, the Client Credentials grant mapping contract is customizable (see Version History here) for these purposes.

    To add a "sub" claim, add the attribute "sub" to your Access Token Manager instance's contract. Then, in your Access Token Mapping (under Grant Mapping in the administrative console), you can add a mapping for the Client Credentials context for your Access Token Manager instance. You will then be able to define the fulfillment logic (as you say, to some ID value) there. For more details, see: https://support.pingidentity.com/s/document-item?bundleId=pingfederate-92&topicId=adminGuide%2FaccessTokenMapping.html
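
On the resource-server side, the introspection response has to be handled safely whether or not "sub" is present. The following is an added example, not part of the original answer and not Ping Identity code: it derives a principal from an RFC 7662 response, falling back to a namespaced `client_id` when "sub" is absent. The names `principal_from_introspection`, `Principal`, `require_sub` and the sample responses are hypothetical, and it assumes the response carries `client_id`, which RFC 7662 defines as optional.

```python
from dataclasses import dataclass


class IntrospectionError(Exception):
    """Raised when an introspection response cannot be trusted for authorization."""


@dataclass(frozen=True)
class Principal:
    identifier: str  # value to use in authorization decisions and audit logs
    source: str      # which response member it came from: "sub" or "client_id"


def principal_from_introspection(resp: dict, require_sub: bool = False) -> Principal:
    # RFC 7662: "active" is the only required member; everything else is optional.
    if resp.get("active") is not True:
        raise IntrospectionError("token is not active")

    sub = resp.get("sub")
    if isinstance(sub, str) and sub:
        return Principal(sub, "sub")

    # Fail closed once the authorization server is expected to always send "sub".
    if require_sub:
        raise IntrospectionError('response has no "sub" member')

    client_id = resp.get("client_id")
    if isinstance(client_id, str) and client_id:
        # Namespace the fallback so a client_id can never equal a user's "sub".
        return Principal("client:" + client_id, "client_id")

    raise IntrospectionError('response has neither "sub" nor "client_id"')


# Constructed sample responses (not captured from a real server).
CC_NO_SUB = {"active": True, "client_id": "batch-reporting", "scope": "reports.read"}
CC_WITH_SUB = {"active": True, "client_id": "batch-reporting", "sub": "svc-batch-reporting"}
INACTIVE = {"active": False}

if __name__ == "__main__":
    for sample in (CC_NO_SUB, CC_WITH_SUB):
        print(principal_from_introspection(sample))
```

Setting `require_sub=True` after the "sub" mapping is in place makes a missing claim a hard failure instead of a silent fallback.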