...
See UserInterface for a detailed look at the IdP’s view templates.
While this would not prevent a malicious party from altering it, A malicious party could still alter the username, preventing which would require server-side measures. However, there is typically no need to worry about that since the service provider is responsible for determining the strength of the authentication required.
...