Allow custom formats for Subject claim in OIDC Token

hobbseltoff · June 4, 2024, 11:33pm

Currently, when using the oidc request-token function of buildkite-agent the sub claim of the generated token contains a static format. This causes an issue when trying to use federated credentials with platforms that require exact matches of the claim and don’t support wildcards (like Azure).

It would be extremely helpful to be able to customize what fields the sub claim contains.

Priya · June 5, 2024, 2:06am

Hey Hobbseltoff

Welcome to Buildkite community!

You’re right, currently the OIDC subject format is static. I’m raising this with our internal team as a feature request to investigate the impact associated with this change and advice on the priority.

Will keep you posted as soon as we hear from them!

Cheers,
Priya

Topic		Replies	Views
OIDC Build Creator Claim Features Requests	1	45	April 16, 2025
OIDC subject is too long General	3	211	March 16, 2025
Configurable OIDC Provider Features Requests	1	60	April 16, 2025
Service accounts Features Requests	1	695	October 16, 2019
API token should be able to have a lifetime max set by org Features Requests	0	195	February 9, 2022

Allow custom formats for Subject claim in OIDC Token

Related topics