6676e209c7
OIDC tokens had subject "oidc:<sub>" which didn't match the "ui:" prefix check in JwtAuthenticationFilter, causing every post-login API call to return 401 and trigger automatic logout. Renamed the prefix from "ui:" to "user:" across all auth code for clarity (it covers both browser and API clients, not just UI). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>