I want to change some behaviour programmatically based on whether a token is for a user or a machine.
sub claim in the access token seems to be (and is documented as)
identity_provider|user_id for users, and (undocumented as far as I can see)
client_id@clients for M2M tokens.
My question is: Is the format of the
sub claim for M2M tokens documented anywhere? I’d like to have an official source, rather than writing logic based on observed behaviour.