Currently, when using the oidc request-token
function of buildkite-agent
the sub
claim of the generated token contains a static format. This causes an issue when trying to use federated credentials with platforms that require exact matches of the claim and don’t support wildcards (like Azure).
It would be extremely helpful to be able to customize what fields the sub
claim contains.