Alvin Lucillo

Access token subject


💻 Tech

The value of the `sub` (subject) claim depends on the provider. For Okta, it’s the e-mail address, while for Auth0, it’s the user ID (e.g., `auth0|id_string_here`). Why does this matter? If you’re working on a migration, your internal authentication process may fail because the token no longer carries an e-mail address in `sub` while your backend expects one. To solve this, Auth0, for example, has a triggers and Actions feature that lets you modify the access token during login/post-login, before it’s sent to the requester.
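
One way to handle the mismatch described above, as an added example that is not code from the original post: an Auth0 post-login Action that copies the verified e-mail into the access token, plus a backend helper that picks the right claim per issuer. The claim namespace, the issuer URLs and `resolveEmail` are assumptions made for illustration.

```javascript
// Added example. EMAIL_CLAIM and the issuer URLs are placeholders (assumptions).
const EMAIL_CLAIM = 'https://example.com/email';

// Auth0 post-login Action: runs before the access token is issued.
async function onExecutePostLogin(event, api) {
  const { email, email_verified: verified } = event.user;
  // Forward the e-mail only when it is verified, so the backend never
  // uses an unverified address as its identity key.
  if (email && verified) {
    api.accessToken.setCustomClaim(EMAIL_CLAIM, email);
  }
}
// Auth0 loads the handler from the module's exports.
if (typeof exports !== 'undefined') exports.onExecutePostLogin = onExecutePostLogin;

// Backend side (hypothetical helper): map each trusted issuer to the claim
// that carries the e-mail. Call it only after the token's signature, iss,
// aud and exp have been validated.
const EMAIL_SOURCE = new Map([
  ['https://legacy-idp.example/', (c) => c.sub],       // sub is the e-mail
  ['https://new-idp.example/', (c) => c[EMAIL_CLAIM]], // sub is "auth0|..."
]);

function resolveEmail(claims) {
  const pick = EMAIL_SOURCE.get(claims.iss);
  if (!pick) throw new Error('untrusted issuer: ' + claims.iss);
  const email = pick(claims);
  // Fail closed: never fall back to treating an opaque user ID as an e-mail.
  if (typeof email !== 'string' || !email.includes('@')) {
    throw new Error('no e-mail identity in token for sub ' + claims.sub);
  }
  return email;
}
```

Keying the lookup on the issuer keeps a token from one provider from being interpreted under the other provider's rules while both are live during the migration.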