Hello, I’m wondering, our tenant have 5 different applications. We use userinfo endpoint with access token to get the subject. We want to make sure if the subject is unique per application or tenant?
If the subject is unique per application there can be duplicates and we need to find out to which application the access token belongs to. How to we check that?
I believe subject will be unique per database / IdP / user data repository.
One possible exception: Linked accounts. Off hand I am not sure how Auth0 handles the subject in a linked account scenario.
We’are only using database so it should be enough. That’s also what our testing is showing. Using only database with several applications - users with same email will also have same user id in different applications.
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.