feature: Add support for session tags in assumeRoleWithWebIdentity (nested claim format) #4
Assignees
Comments
pvbouwel
pushed a commit
to pvbouwel/fakes3pp
that referenced
this issue
Nov 16, 2024
feature: process nested tag claims Allow IDPs to provide sessiont tags via the nested format. This is for VITObelgium#4
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
If the IDP provides session tags they should be part of the session's temporary credentials.
Details on how it works are available on https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_adding-assume-role-idp
This feature request is for the nested claim format (if there is a use case another feature could be created for the flattened claim format)
Example claims from the AWS documentation
{ "sub": "johndoe", "aud": "ac_oic_client", "jti": "ZYUCeRMQVtqHypVPWAN3VB", "iss": "https://xyz.com", "iat": 1566583294, "exp": 1566583354, "auth_time": 1566583292, "https://aws.amazon.com/tags": { "principal_tags": { "Project": ["Automation"], "CostCenter": ["987654"], "Department": ["Engineering"] }, "transitive_tag_keys": [ "Project", "CostCenter" ] } }The text was updated successfully, but these errors were encountered: