Restricted Namespace Identifiers in Rules


I have noticed this section when setting up a new tenant:, and are Auth0 domains and therefore cannot be used as a namespace identifier.

Unfortunately we have 3-4 older tenants which did exactly this and haven’t been modified in a number of months. These rules run fine, and if they broke it would kill our login. What will happen to those in the long term?

When was this restriction added?

:wave: @sjdweb

You are correct that this was not previously restricted. This was put in place to conform to the OIDC specification. Note that if you are not using OIDC/OAuth this won’t restrict your rules, its only necessary to namespace in OIDC.

If you are, both authentication pipelines (OIDC-conformant and legacy) will be usable until further notice. Currently, there is not a date in place when this will absolutely need to be changed for older tenants. However, we strongly recommend that you update the namespace identifiers to be OIDC-conformant in the near future.

Please let me know if that answers your question or if you have any further questions.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.