When we started we just had users in our dev application and we set the
auth.abc.com. Recently we added client grants and the
issuer is different:
Now, when validating access tokens if we set the
auth.abc.com then clients won’t work, and if we set the
abc.auth0.com users won’t work. So we are running into the issue we cannot validate tokens for both users and clients.
I can think of two way to solve this, which brings about two questions.
- Update existing users to
abc.auth0.com. (Preferred) How would we do that?
- Validate tokens against multiple issuers. How would we do that using the SDKs (java)?