Now my current tenant (“production”) created a year ago. I decided to create a new tenant (“development”), however this dev tenant api is different from prod , for example: for “prod” tenant I using scope: “openid profile” and get profile information (user_id, email, etc.) , so for new “dev” tenant scope: “openid profile email” (added email scope) and at getting profile info is missing user_id instead of “sub” key. This api changes is not problem for me, but I want to know what is the most correct way to upgrade/migrate my old “prod” tenant to new version? Thanks.
The behavior you are seeing is not due to a difference between the two tenants, but between the clients in them. All new clients created are marked as OIDC-conformant
, so your new tenant’s clients are exhibiting those characteristics. You can, however, turn off the OIDC-conformant flag under the Oauth tab in client’s advanced settings to get the old behavior back.
Of course, the recommended/correct way is to switch to this new OIDC-conformant behavior. This behavior is strictly compliant with the OpenID Connect specification: Final: OpenID Connect Core 1.0 incorporating errata set 1 For example, the user_id will be sent in the sub
claim as you noticed.
You can read about the differences between the two in these docs:
This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.