Is it safe to use OAuth2AuthenticatedPrincipal name as a unique ID to allow access to user resources? If the application supports multiple oAuth providers (e.g. Google, GitHub) could there be a conflict of IDs?