diff --git a/authentik/providers/oauth2/models.py b/authentik/providers/oauth2/models.py
index b6440593b..e40c6f643 100644
--- a/authentik/providers/oauth2/models.py
+++ b/authentik/providers/oauth2/models.py
@@ -12,7 +12,6 @@ from uuid import uuid4
 
 from cryptography.hazmat.primitives.asymmetric.rsa import RSAPrivateKey
 from dacite import from_dict
-from django.conf import settings
 from django.db import models
 from django.http import HttpRequest
 from django.utils import dateformat, timezone
@@ -457,7 +456,7 @@ class RefreshToken(ExpiringModel, BaseGrantModel):
         See: http://openid.net/specs/openid-connect-core-1_0.html#IDToken"""
         sub = ""
         if self.provider.sub_mode == SubModes.HASHED_USER_ID:
-            sub = sha256(f"{user.id}-{settings.SECRET_KEY}".encode("ascii")).hexdigest()
+            sub = user.uid
         elif self.provider.sub_mode == SubModes.USER_EMAIL:
             sub = user.email
         elif self.provider.sub_mode == SubModes.USER_USERNAME:
diff --git a/outpost/pkg/proxy/templates.go b/outpost/pkg/proxy/templates.go
index 1efdb210d..ca61f9ca3 100644
--- a/outpost/pkg/proxy/templates.go
+++ b/outpost/pkg/proxy/templates.go
@@ -13,12 +13,14 @@ func getTemplates() *template.Template {
 <head>
 	<title>{{.Title}}</title>
 	<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no">
+	<style>* { font-family: sans-serif; }</style>
 </head>
 <body>
 	<h2>{{.Title}}</h2>
 	<p>{{.Message}}</p>
 	<hr>
 	<p><a href="{{.ProxyPrefix}}/sign_in">Sign In</a></p>
+	<p>Powered by <a href="https://goauthentik.io">authentik</a></p>
 </body>
 </html>{{end}}`)
 	if err != nil {