Remove support for OAuth 2 JWTs with user keys as the sub claim when opted in by apps

Description

When apps have opted in to GDPR compatibility, the OAuth 2.0 JWT Bearer token authorization grant type should only support identifying users by account ID (under the URN namespace urn:atlassian:connect:useraccountid) in the sub claim of the JWT assertion created by the app. Providing a user key with the URN namespace urn:atlassian:connect:userkey) should no longer be supported.

Environment

None
Fixed

Assignee

Einar Pehrson

Reporter

Einar Pehrson