diff --git a/cyborg/common/authorize_wsgi.py b/cyborg/common/authorize_wsgi.py
index 6319f445..9d8a5e16 100644
--- a/cyborg/common/authorize_wsgi.py
+++ b/cyborg/common/authorize_wsgi.py
@@ -192,8 +192,8 @@ def authorize_wsgi(api_name, act=None, need_target=True):
             else:
                 # for create method, before resource exsites, we can check the
                 # the credentials with itself.
-                target = {'project_id': context.tenant,
-                          'user_id': context.user}
+                target = {'project_id': context.project_id,
+                          'user_id': context.user_id}
 
             try:
                 authorize(action, target, credentials, do_raise=True)