the oidc module expect accountId and sub to be the same

in our case sub is the username exposed to the app, not the userId
internal to Cloudron

Upstream behavior change 9b89153c0e

src/user-directory.js

@@ -43,7 +43,7 @@ async function setProfileConfig(profileConfig, options, auditSource) {
             if (options.persistUserIdSessions === user.id) continue; // do not logout the API caller
 
             await tokens.delByUserIdAndType(user.id, oidcClients.ID_WEBADMIN);
-            await oidcServer.revokeByUserId(user.id);
+            await oidcServer.revokeByUsername(user.username);
         }
     }
 }