diff --git a/uffd/oauth2/views.py b/uffd/oauth2/views.py
index a7d81d06d3ad533bb92b2b6cb1999f55425c0f6a..a054b0d1ad25d1326395a8d5b42505f6c3449c8e 100644
--- a/uffd/oauth2/views.py
+++ b/uffd/oauth2/views.py
@@ -100,6 +100,9 @@ def token():
 @oauth.require_oauth('profile')
 def userinfo():
 	user = request.oauth.user
+	# We once exposed the entryUUID here as "ldap_uuid" until realising that it
+	# can (and does!) change randomly and is therefore entirely useless as an
+	# indentifier.
 	return jsonify(
 		id=user.uid,
 		name=user.displayname,