diff --git a/appinfo/info.xml b/appinfo/info.xml
index 5918f2ce3fab42ededa8782c53b2ca0972b0a23c..44223cf7326cdc119a0809df6ca2949651dcbca9 100644
--- a/appinfo/info.xml
+++ b/appinfo/info.xml
@@ -18,7 +18,7 @@ Provides user creation and login via one single OpenID Connect provider. Even th
- Automatic redirection from the nextcloud login page to the Identity Provider login page
- WebDAV endpoints `Bearer` and `Basic` authentication
]]>
- 3.2.2-2
+ 3.2.2-3
agpl
pulsejet
OIDCLogin
diff --git a/lib/AppInfo/Application.php b/lib/AppInfo/Application.php
index bdf58c15a96998a6db97d2026611f05ca6c29da7..7fe2d4920c23880f1cc6d806429f8decd311b69d 100644
--- a/lib/AppInfo/Application.php
+++ b/lib/AppInfo/Application.php
@@ -26,22 +26,24 @@ use OCP\Util;
class Application extends App implements IBootstrap
{
- private const TOKEN_LOGIN_KEY = 'is_oidc_token_login';
+ public const APP_ID = 'oidc_login';
+ public const OIDC_PROVIDER_UID_KEY = 'oidc_uid';
+
protected IURLGenerator $url;
protected IL10N $l;
protected IConfig $config;
+ private const TOKEN_LOGIN_KEY = 'is_oidc_token_login';
+
/** @var TokenService */
private $tokenService;
/** @var LoginService */
private $loginService;
- private $appName = 'oidc_login';
-
public function __construct()
{
- parent::__construct($this->appName);
+ parent::__construct(self::APP_ID);
}
public function register(IRegistrationContext $context): void
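Review bot: The relocated `private const TOKEN_LOGIN_KEY` now sits between the typed properties and the docblocked ones (the line after `protected IConfig $config;`), while the two new public constants are grouped at the top of the class; PSR-12 keeps all constants ahead of properties, so move it up next to `APP_ID` and `OIDC_PROVIDER_UID_KEY`. The new constants also carry no doc comment, and nothing else in this file says what `OIDC_PROVIDER_UID_KEY` names; since TokenService in this same commit stores the provider's `sub` claim under it, suggested: `/** Per-user config key holding the identity provider's subject identifier (`sub`) for this account. */`. The class body continues past this hunk.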
@@ -166,7 +168,7 @@ class Application extends App implements IBootstrap
// Hide password change form
if ($this->config->getSystemValue('oidc_login_hide_password_form', false)) {
- Util::addStyle($this->appName, 'oidc.hidepasswordform');
+ Util::addStyle(self::APP_ID, 'oidc.hidepasswordform');
}
return;
@@ -227,7 +229,7 @@ class Application extends App implements IBootstrap
$bearerAuthBackend->login($bearerToken);
$session->set(self::TOKEN_LOGIN_KEY, 1);
} catch (\Exception $e) {
- $logger->debug("OIDC Bearer token validation failed with: {$e->getMessage()}", ['app' => $this->appName]);
+ $logger->debug("OIDC Bearer token validation failed with: {$e->getMessage()}", ['app' => self::APP_ID]);
}
}
}
diff --git a/lib/Controller/LoginController.php b/lib/Controller/LoginController.php
index d02c3ab4c3fab2d174e249e2b4d78f07d5d90213..730b871e4c1d4ae1cdf327bd2cc288ae8cb25516 100644
--- a/lib/Controller/LoginController.php
+++ b/lib/Controller/LoginController.php
@@ -146,6 +146,8 @@ class LoginController extends Controller
$this->tokenService->updateTokens($user, $tokenResponse);
}
+ $this->tokenService->persistOIDCProviderUID($user, $oidc);
+
// Workaround to create user files folder. Remove it later.
\OC::$server->get(IRootFolder::class)->getUserFolder($user->getUID());
diff --git a/lib/Provider/OpenIDConnectClient.php b/lib/Provider/OpenIDConnectClient.php
index ff3315701e1f6c9881ac800bc1b5769391a4ef62..06380d1885fcd34eb89e501be6e5d5b9a5f5a257 100644
--- a/lib/Provider/OpenIDConnectClient.php
+++ b/lib/Provider/OpenIDConnectClient.php
@@ -217,6 +217,10 @@ class OpenIDConnectClient extends \Jumbojett\OpenIDConnectClient
return $end_session_endpoint;
}
+ public function getUserId(): ?string {
+ return $this->getVerifiedClaims('sub');
+ }
+
protected function getSessionKey($key)
{
return $this->session->get($key);
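Review bot: `getUserId()` opens its brace on the signature line, whereas the neighbouring methods in this file (`getSessionKey` directly below) put it on the next line; match the file. The `?string` return type also pins a type the decoded claim may not carry: `getVerifiedClaims('sub')` hands back whatever the ID token contained, and I believe a provider that emits a non-string `sub` would surface as a TypeError during login rather than as a null. OIDC Core requires `sub` to be a string, so conforming providers are fine, but a guard costs two lines: `$sub = $this->getVerifiedClaims('sub');` then `return is_string($sub) && $sub !== '' ? $sub : null;`. A one-line docblock would help the caller in TokenService: `/** Subject identifier (`sub`) from the verified claims, or null when none is available. */`.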
@@ -331,4 +335,4 @@ class OpenIDConnectClient extends \Jumbojett\OpenIDConnectClient
return $resp;
}
-}
\ No newline at end of file
+}
diff --git a/lib/Service/TokenService.php b/lib/Service/TokenService.php
index 0db5defcf81369947f03fc7fcd99d4935cebd37f..9f9f192d12b67a1cdeb12ca9e032e3b7672b47c1 100644
--- a/lib/Service/TokenService.php
+++ b/lib/Service/TokenService.php
@@ -4,6 +4,7 @@ declare(strict_types=1);
namespace OCA\OIDCLogin\Service;
+use OCA\OIDCLogin\AppInfo\Application;
use OCA\OIDCLogin\Db\Entities\RefreshToken;
use OCA\OIDCLogin\Db\Mappers\RefreshTokenMapper;
use OCA\OIDCLogin\Events\AccessTokenUpdatedEvent;
@@ -195,4 +196,19 @@ class TokenService
$this->session->set('oidc_logout_url', false);
}
}
+
+ public function persistOIDCProviderUID(IUser $user, OpenIDConnectClient $oidc) {
+ $userId = (string) $user->getUID();
+ $savedOIDCUid = $this->config->getUserValue($userId, Application::APP_ID, Application::OIDC_PROVIDER_UID_KEY);
+ if ($savedOIDCUid !== null && trim($savedOIDCUid) !== '') {
+ return;
+ }
+
+ $oidcUid = $oidc->getUserId();
+ if ($oidcUid === null || trim($oidcUid) === '') {
+ return;
+ }
+
+ $this->config->setUserValue($userId, Application::APP_ID, Application::OIDC_PROVIDER_UID_KEY, $oidcUid);
+ }
}
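Review bot: `persistOIDCProviderUID` is first-write-wins and never compares the stored subject with the one from the current login: once a value is saved, a later login that maps onto the same Nextcloud account with a different provider `sub` returns silently at the first guard, so the one signal this mapping could give — that the account is now being used by a different provider identity — is lost. At minimum the mismatch should be logged at warning level, and whether it should refuse the login is a policy call for the app; the service's logger, if it has one, is outside this hunk. Two smaller points: the method has no return type in a `strict_types` file (`: void`), and as far as I recall `IConfig::getUserValue` returns its `$default` (`''` here) rather than null for an unset key, so the `!== null` half of the guard is dead. A restructured body that checks the claim first and leaves a clearly marked spot for the mismatch handling:
```php
public function persistOIDCProviderUID(IUser $user, OpenIDConnectClient $oidc): void {
    $userId = (string) $user->getUID();
    $oidcUid = $oidc->getUserId();
    if ($oidcUid === null || trim($oidcUid) === '') {
        return;
    }

    $savedOIDCUid = trim((string) $this->config->getUserValue($userId, Application::APP_ID, Application::OIDC_PROVIDER_UID_KEY));
    if ($savedOIDCUid !== '') {
        if ($savedOIDCUid !== $oidcUid) {
            // TODO(review): surface this — at least a warning log — the account is being
            // logged into with a different provider subject than the one first linked.
        }
        return;
    }

    $this->config->setUserValue($userId, Application::APP_ID, Application::OIDC_PROVIDER_UID_KEY, $oidcUid);
}
```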