diff --git a/server/id_token.go b/server/id_token.go
index 72f31f5..600f61a 100644
--- a/server/id_token.go
+++ b/server/id_token.go
@@ -25,10 +25,12 @@ func addIdTokenSupport(srv *server.Server, db *database.DB, key mjwt.Signer) {
 }
 
 // IdTokenClaims contains the JWT claims for an access token
-type IdTokenClaims struct{}
+type IdTokenClaims struct {
+	Subject string `json:"subject"`
+}
 
 func (a IdTokenClaims) Valid() error { return nil }
-func (a IdTokenClaims) Type() string { return "access-token" }
+func (a IdTokenClaims) Type() string { return "id-token" }
 
 func generateIDToken(ti oauth2.TokenInfo, us *database.DB, key mjwt.Signer) (token string, err error) {
 	tx, err := us.Begin()
@@ -41,7 +43,7 @@ func generateIDToken(ti oauth2.TokenInfo, us *database.DB, key mjwt.Signer) (tok
 	}
 	tx.Rollback()
 
-	token, err = key.GenerateJwt(user.Sub, "", jwt.ClaimStrings{ti.GetClientID()}, ti.GetAccessExpiresIn(), IdTokenClaims{})
+	token, err = key.GenerateJwt(user.Sub, "", jwt.ClaimStrings{ti.GetClientID()}, ti.GetAccessExpiresIn(), &IdTokenClaims{Subject: user.Sub})
 	return
 }
 
diff --git a/server/login.go b/server/login.go
index 8ad9fb9..01973d9 100644
--- a/server/login.go
+++ b/server/login.go
@@ -56,7 +56,7 @@ func (h *HttpServer) loginPost(rw http.ResponseWriter, req *http.Request, _ http
 			Path:     "/",
 			MaxAge:   -1,
 			Secure:   true,
-			SameSite: http.SameSiteStrictMode,
+			SameSite: http.SameSiteLaxMode,
 		})
 		http.Redirect(rw, req, (&url.URL{
 			Path: "/login",
@@ -82,7 +82,7 @@ func (h *HttpServer) loginPost(rw http.ResponseWriter, req *http.Request, _ http
 		Expires:  future,
 		MaxAge:   int(future.Sub(now).Seconds()),
 		Secure:   true,
-		SameSite: http.SameSiteStrictMode,
+		SameSite: http.SameSiteLaxMode,
 	})
 
 	// save state for use later
@@ -161,7 +161,7 @@ func (h *HttpServer) setLoginDataCookie(rw http.ResponseWriter, userId string) b
 		Path:     "/",
 		Expires:  time.Now().AddDate(0, 3, 0),
 		Secure:   true,
-		SameSite: http.SameSiteStrictMode,
+		SameSite: http.SameSiteLaxMode,
 	})
 	return false
 }
diff --git a/server/server.go b/server/server.go
index 1dd23cf..e831338 100644
--- a/server/server.go
+++ b/server/server.go
@@ -143,7 +143,7 @@ func NewHttpServer(conf Conf, db *database.DB, signingKey mjwt.Signer) *http.Ser
 				Path:     "/",
 				MaxAge:   -1,
 				Secure:   true,
-				SameSite: http.SameSiteStrictMode,
+				SameSite: http.SameSiteLaxMode,
 			})
 
 			http.Redirect(rw, req, "/", http.StatusFound)