M2M sub format is not compatible using @ character

Our system does not allow for special characters such as ‘@’, which the M2M client credential appears to be using to append client is with ‘@clients’. How can we work around this?

Hello @ftballguy45 welcome to the community!

Unfortunately, there isn’t any way to remove the @clients from the sub value - However, if you can use the azp claim instead this could be a possible work around.

For reference:

If present, it MUST contain the OAuth 2.0 Client ID of this party. This Claim is only needed when the ID Token has a single audience value and that audience is different than the authorized party. It MAY be included even when the authorized party is the same as the sole audience. The azp value is a case sensitive string containing a StringOrURI value.