diff --git a/builtin/credential/app-id/backend.go b/builtin/credential/app-id/backend.go
index ee0dd7267c..83981f27ce 100644
--- a/builtin/credential/app-id/backend.go
+++ b/builtin/credential/app-id/backend.go
@@ -12,7 +12,7 @@ func Factory(map[string]string) (logical.Backend, error) {
 func Backend() *framework.Backend {
 	var b backend
 	b.MapAppId = &framework.PolicyMap{
-		PathMap:    &framework.PathMap{"app-id"},
+		PathMap:    framework.PathMap{Name: "app-id"},
 		DefaultKey: "default",
 	}
 	b.MapUserId = &framework.PathMap{
diff --git a/builtin/credential/app-id/path_login.go b/builtin/credential/app-id/path_login.go
index 2774316e84..86c58beba4 100644
--- a/builtin/credential/app-id/path_login.go
+++ b/builtin/credential/app-id/path_login.go
@@ -1,6 +1,7 @@
 package appId
 
 import (
+	"fmt"
 	"strings"
 
 	"github.com/hashicorp/vault/logical"
@@ -34,11 +35,21 @@ func (b *backend) pathLogin(
 	userId := data.Get("user_id").(string)
 
 	// Look up the apps that this user is allowed to access
-	apps, err := b.MapUserId.Get(req.Storage, userId)
+	appsMap, err := b.MapUserId.Get(req.Storage, userId)
 	if err != nil {
 		return nil, err
 	}
 
+	appsRaw, ok := appsMap["value"]
+	if !ok {
+		appsRaw = ""
+	}
+
+	apps, ok := appsRaw.(string)
+	if !ok {
+		return nil, fmt.Errorf("internal error: mapping is not a string")
+	}
+
 	// Verify that the app is in the list
 	found := false
 	for _, app := range strings.Split(apps, ",") {
diff --git a/builtin/credential/github/backend.go b/builtin/credential/github/backend.go
index 0d0a49e9ab..ea266fde9a 100644
--- a/builtin/credential/github/backend.go
+++ b/builtin/credential/github/backend.go
@@ -16,7 +16,7 @@ func Factory(map[string]string) (logical.Backend, error) {
 func Backend() *framework.Backend {
 	var b backend
 	b.Map = &framework.PolicyMap{
-		PathMap:    &framework.PathMap{"teams"},
+		PathMap:    framework.PathMap{Name: "teams"},
 		DefaultKey: "default",
 	}
 	b.Backend = &framework.Backend{