Allow custom formats for Subject claim in OIDC Token

Currently, when using the oidc request-token function of buildkite-agent the sub claim of the generated token contains a static format. This causes an issue when trying to use federated credentials with platforms that require exact matches of the claim and don’t support wildcards (like Azure).

It would be extremely helpful to be able to customize what fields the sub claim contains.

Hey Hobbseltoff :wave:

Welcome to Buildkite community!

You’re right, currently the OIDC subject format is static. I’m raising this with our internal team as a feature request to investigate the impact associated with this change and advice on the priority.

Will keep you posted as soon as we hear from them!