Is it possible to override the 'sub' claim in an id_token?

We are migrating users from another IdP. These users already have a user Id assigned by that IdP. Our applications that use our legacy IdP use the ‘sub’ field in the id_token to uniquely identify the user. However, if we migrate to Auth0, I don’t want my app owners to see a new user Id in the ‘sub’ claim when the user signs in. To them, this would look like a new user.

By default, Auth0 uses the user_id field for the ‘sub’ claim in the id_token.
Is it possible to override this mapping with a different claim in the ‘user_metadata’ section of the user profile?

Will this cause problems with exchanging tokens? For instance, will Auth0 have a problem looking up a user if the token it receives has our custom ‘sub’ value instead of the ‘user_id’ value?

1 Like

I have this same need: to use a different ‘sub’ claim in the token returned to the user. We are using Rules so I tried to override the claim in our rule but that didn’t work. We do have the ability to map from Auth0 user id to our own user id using our existing Rule implementation…we just need to allow it to be changed in the Rule.

Our use-case is similar in that we have previously defined user Ids that we’d like to use in the ‘sub’ claim.

I was told by Auth0 that it is not possible to override the sub claim at this time. I think this means you’ll need to add a custom claim to the id_token. Your clients will then need to use that custom claim when determining the appropriate user Id.

2 Likes
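
The custom-claim approach from the last reply, as an added example that is not part of the original thread or Auth0's own code: a Rule that adds the legacy Id as a namespaced claim, and the client-side lookup that reads it from an already-verified id_token. The namespace `https://example.com/`, the `legacy_user_id` field and both function names are assumptions; the Id is read from `app_metadata` rather than `user_metadata` because end users can be allowed to edit their own `user_metadata`.

```javascript
// Added example. Namespace and field name are assumptions, not Auth0 defaults.
const LEGACY_CLAIM = 'https://example.com/legacy_user_id';

// Auth0 Rule: Auth0 calls this at login with (user, context, callback).
function addLegacyUserId(user, context, callback) {
  const meta = user.app_metadata || {};
  const legacyId = meta.legacy_user_id; // hypothetical field written during migration
  // Only emit the claim for migrated users with a well-formed Id.
  if (typeof legacyId === 'string' && legacyId.length > 0) {
    context.idToken[LEGACY_CLAIM] = legacyId;
  }
  // 'sub' is not touched; it stays the Auth0 user_id.
  callback(null, user, context);
}

// Client side: pass in the claims of an id_token whose signature, issuer
// and audience have already been verified by the application's OIDC library.
function resolveUserId(claims) {
  const legacyId = claims[LEGACY_CLAIM];
  if (typeof legacyId === 'string' && legacyId.length > 0) {
    return { id: legacyId, source: 'legacy' };
  }
  // Users created after the migration have no legacy Id: fall back to 'sub'.
  if (typeof claims.sub === 'string' && claims.sub.length > 0) {
    return { id: claims.sub, source: 'sub' };
  }
  throw new Error('id_token has no usable user identifier');
}
```

Returning the `source` alongside the Id lets the application log which identifier it matched on, which helps when auditing accounts that unexpectedly appear as new users.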
