IdentityServer4 - sub claim is missing

I was having the same exact issue and resolved it by adding:

.AddAspNetIdentity<ApplicationUser>();

to

services.AddIdentityServer()

in Startup.cs

So I finally got to the bottom of it. It seems the default header limits in nginx don't play nice and I found this in the logs upstream sent too big header while reading response header from upstream

Updating the nginx config to include the lines

proxy_buffer_size          128k;
proxy_buffers              4 256k;
proxy_busy_buffers_size    256k;

prevented the 502 error and it all authenticates fine now.