Allow custom formats for Subject claim in OIDC Token

hobbseltoff · June 4, 2024, 11:33pm

Currently, when using the oidc request-token function of buildkite-agent the sub claim of the generated token contains a static format. This causes an issue when trying to use federated credentials with platforms that require exact matches of the claim and don’t support wildcards (like Azure).

It would be extremely helpful to be able to customize what fields the sub claim contains.

Priya · June 5, 2024, 2:06am

Hey Hobbseltoff

Welcome to Buildkite community!

You’re right, currently the OIDC subject format is static. I’m raising this with our internal team as a feature request to investigate the impact associated with this change and advice on the priority.

Will keep you posted as soon as we hear from them!

Cheers,
Priya

Topic		Replies	Views
Map SAML group claims Features Requests	0	308	April 29, 2021
Issue JWS tokens to Builds Features Requests	2	919	October 8, 2021
Is BUILDKITE_AGENT_ACCESS_TOKEN equivalent to github token General	2	381	June 21, 2022
New Agent Tokens documentation 📖 Announcements	0	479	March 6, 2019
SSO Deprovisioning Features Requests	0	574	December 10, 2020

Allow custom formats for Subject claim in OIDC Token

Related Topics