The user_selector classes supported custom list of extra identity
fields. But they should obey the configured user policy and respect the
privacy setting made by site administrators. So the list of user
identifiers should never be hard-coded, but the setting
$CFG->showuseridentity should be always respected.