Customizable subject claim in OIDC tokens
Kelvin Tay
Right now, the sub claim for OIDC is set to org/ORGANIZATION_ID/project/PROJECT_ID/user/USER_ID.
For customers who would like to set up OIDC with Azure, Azure has a strict restriction on checking the sub claims. In particular, Azure does not allow for wildcard char matching.
This means customers would need to add a list of all possible users on Azure, as a workaround.
It would be great if we can allow for customization of what the sub claim's value can be.
Kelvin Tay
This is similar to https://ideas.circleci.com/cloud-feature-requests/p/customizable-audience-claim-in-oidc-tokens but this idea would be for the sub claim, not the aud claim.