We received a notification that a number of our Auth0 tenants will affected by the upcoming change to non-namespaced claims (this one). However I reviewed the migration advice and could not see any actions because:
- we have no
type:depnoteentries in our logs (or none are being returned when I search for them)
- our tokens are larger than I’d like (sometimes around ~2KB) but are nowhere near the 100KB limit
- we are not setting any non-namespaced claims in id token or access token at all
- we are only using our own domains as namespaces, and not any Auth0 domains
So I’m stumped as to why we got this notification and why these tenants were highlighted in particular. Normally I’d just dismiss this and move on, but a subset of our tenants were explicitly named (" We have detected that [list of nine tenants] may be doing one of the following operations via Actions / Hooks / Rules:…") so I’d really like to understand what’s going on.
Has anyone else had this? Is there anything I should be looking for other than the items I described, or should I just go ahead and flip the “Migrations > Legacy Custom Claims” for some tenants to just try this out?