diff --git a/changelog/3.0.0_2023-05-22/fix-idp-sub-recreation.md b/changelog/3.0.0_2023-05-22/fix-idp-sub-recreation.md index da1d954e1a0..8f2df658f8e 100644 --- a/changelog/3.0.0_2023-05-22/fix-idp-sub-recreation.md +++ b/changelog/3.0.0_2023-05-22/fix-idp-sub-recreation.md @@ -7,12 +7,7 @@ use the user's unique id (`owncloudUUID` by default) for computing the `sub` claim. So that user's recreated with the same name will be treated as different users by the IDP. -This changed also the default values of the 'PROXY_USER_OIDC_CLAIM' and -'PROXY_USER_CS3_CLAIM' settings map the IDP users to CS3 user by the userid in -the default setup. The old behavior of matching by username can be achieved -byt setting 'PROXY_USER_OIDC_CLAIM=preferred_username' and -'PROXY_USER_CS3_CLAIM=username'. - https://github.com/owncloud/ocis/issues/904 https://github.com/owncloud/ocis/pull/6326 https://github.com/owncloud/ocis/pull/6338 +https://github.com/owncloud/ocis/pull/6420 diff --git a/services/idp/pkg/config/config.go b/services/idp/pkg/config/config.go index 6439d2e8a8c..1b18560fbfc 100644 --- a/services/idp/pkg/config/config.go +++ b/services/idp/pkg/config/config.go @@ -61,7 +61,6 @@ type Client struct { ID string `yaml:"id"` Name string `yaml:"name"` Trusted bool `yaml:"trusted"` - ImplicitScopes []string `yaml:"implicit_scopes"` Secret string `yaml:"secret"` RedirectURIs []string `yaml:"redirect_uris"` Origins []string `yaml:"origins"` diff --git a/services/idp/pkg/config/defaults/defaultconfig.go b/services/idp/pkg/config/defaults/defaultconfig.go index eb5f81db404..dc6f2ebedea 100644 --- a/services/idp/pkg/config/defaults/defaultconfig.go +++ b/services/idp/pkg/config/defaults/defaultconfig.go 
@@ -71,10 +71,9 @@ func DefaultConfig() *config.Config {
 },
 Clients: []config.Client{
 {
- ID: "web",
- Name: "ownCloud Web app",
- ImplicitScopes: []string{"LibgreGraph.UUID"},
- Trusted: true,
+ ID: "web",
+ Name: "ownCloud Web app",
+ Trusted: true,
 RedirectURIs: []string{
 "{{OCIS_URL}}/",
 "{{OCIS_URL}}/oidc-callback.html",
@@ -88,7 +87,6 @@ func DefaultConfig() *config.Config {
 ID: "xdXOt13JKxym1B1QcEncf2XDkLAexMBFwiT9j6EfhhHFJhs2KM9jbjTmf8JBXE69",
 Secret: "UBntmLjC2yYCeHwsyj73Uwo9TAaecAetRwMw0xYcvNL9yRdLSUi0hUAHfvCHFeFh",
 Name: "ownCloud desktop app",
- ImplicitScopes: []string{"LibgreGraph.UUID"},
 ApplicationType: "native",
 RedirectURIs: []string{
 "http://127.0.0.1",
@@ -99,7 +97,6 @@ func DefaultConfig() *config.Config {
 ID: "e4rAsNUSIUs0lF4nbv9FmCeUkTlV9GdgTLDH1b5uie7syb90SzEVrbN7HIpmWJeD",
 Secret: "dInFYGV33xKzhbRmpqQltYNdfLdJIfJ9L5ISoKhNoT9qZftpdWSP71VrpGR9pmoD",
 Name: "ownCloud Android app",
- ImplicitScopes: []string{"LibgreGraph.UUID"},
 ApplicationType: "native",
 RedirectURIs: []string{
 "oc://android.owncloud.com",
@@ -109,7 +106,6 @@ func DefaultConfig() *config.Config {
 ID: "mxd5OQDk6es5LzOzRvidJNfXLUZS2oN3oUFeXPP8LpPrhx3UroJFduGEYIBOxkY1",
 Secret: "KFeFWWEZO9TkisIQzR3fo7hfiMXlOpaqP8CFuTbSHzV1TUuGECglPxpiVKJfOXIx",
 Name: "ownCloud iOS app",
- ImplicitScopes: []string{"LibgreGraph.UUID"},
 ApplicationType: "native",
 RedirectURIs: []string{
 "oc://ios.owncloud.com",
diff --git a/services/proxy/pkg/command/server.go b/services/proxy/pkg/command/server.go
index e49317c1722..11b18850d1e 100644
--- a/services/proxy/pkg/command/server.go
+++ b/services/proxy/pkg/command/server.go
@@ -344,10 +344,8 @@ func loadMiddlewares(ctx context.Context, logger log.Logger, cfg *config.Config, if cfg.EnableBasicAuth { logger.Warn().Msg("basic auth enabled, use only for testing or development") authenticators = append(authenticators, middleware.BasicAuthenticator{ - Logger: logger, - UserProvider: userProvider, - UserCS3Claim: cfg.UserCS3Claim, - UserOIDCClaim: cfg.UserOIDCClaim, + Logger: logger, + UserProvider: userProvider, }) } diff --git a/services/proxy/pkg/config/defaults/defaultconfig.go b/services/proxy/pkg/config/defaults/defaultconfig.go index 9c21bbf2c0b..16ee92d710d 100644 --- a/services/proxy/pkg/config/defaults/defaultconfig.go +++ b/services/proxy/pkg/config/defaults/defaultconfig.go @@ -74,8 +74,8 @@ func DefaultConfig() *config.Config { Enabled: true, }, AccountBackend: "cs3", - UserOIDCClaim: "lg.uuid", - UserCS3Claim: "userid", + UserOIDCClaim: "preferred_username", + UserCS3Claim: "username", AutoprovisionAccounts: false, EnableBasicAuth: false, InsecureBackends: false,
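Review bot: The new defaults in the proxy's `DefaultConfig` (`UserOIDCClaim: "preferred_username"`, `UserCS3Claim: "username"`) tie the account lookup to a name rather than an immutable id, which is the recreated-user case this commit's changelog entry describes for the IDP `sub` claim. A user recreated or renamed onto an existing name would presumably resolve to the same CS3 account at the proxy, and with an external IdP `preferred_username` is not guaranteed to be unique or stable. Because the commit also removes the changelog paragraph that explained these two settings, I would put the caveat next to the defaults, e.g. `// matched by username, which can be reused or renamed; set PROXY_USER_OIDC_CLAIM / PROXY_USER_CS3_CLAIM to an immutable id where the IdP provides one`. The body of `DefaultConfig` starts and ends outside this hunk, so whether another default or validation step covers this is not visible here.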