OIDC: Setting value token_policy does not set policy in token #69
Comments
This is another effect of the previous issue. There were a set of new
@kalafut Mind taking a look at hashicorp/terraform-provider-vault#502 and advising as to whether that issue is related to this in any way?
@zx8 I'll be taking a look at that issue and have skimmed it briefly. It may be related in that a whole bunch of backends were changed for the token fields update, so there may be a bug in Vault or the TF provider. But there isn't really much shared code between the auth backends, and this OIDC/token bug was very much localized to the JWT backend.
@lawliet89 Thanks for the repro.
Actual behaviour:

vault write auth/oidc/role/dev bound_audiences="supersecret" allowed_redirect_uris="http://localhost:8250/oidc/callback" user_claim="sub" token_policies="provisioneer" ttl="24h"

sets `token_policies [provisioneer]` in the role but not `policies`, which leads to missing token_policies in the granted token. But executing

vault write auth/oidc/role/dev bound_audiences="supersecret" allowed_redirect_uris="http://localhost:8250/oidc/callback" user_claim="sub" policies="provisioneer" ttl="24h"

sets both `policies` and `token_policies` to `provisioneer`.

Expected behaviour:

At login with OIDC, the value of token_policies is taken into account.
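The failure mode in this report is a migration problem: a role carries both the deprecated `policies` field and the newer `token_policies` field, and the two can get out of sync depending on which parameter was written, while the login path still builds the token from one of them. The following Go program is an added, simplified model written for this issue; it is not the code of vault-plugin-auth-jwt or of Vault, and the `Role`, `Params`, `updateRole*` and `login*` names, as well as the rule that `token_policies` wins when both parameters are supplied, are assumptions made here. It reproduces the behaviour described above (writing `token_policies` alone yields a token with no policies) beside a version that keeps both fields in sync and prefers the new field at login, falling back to the deprecated one for roles stored before the change.

```go
package main

import (
	"fmt"
	"strings"
)

// Role models an OIDC role during the "policies" -> "token_policies"
// migration. Illustrative model written for this issue, not the plugin's types.
type Role struct {
	Policies      []string // deprecated field, kept for backwards compatibility
	TokenPolicies []string // newer field introduced by the token-fields update
}

// Params are the key=value pairs from "vault write auth/oidc/role/<name> ...".
// Comma-separated list values are modelled as already-split slices.
type Params map[string][]string

// updateRoleBuggy reproduces the behaviour reported above: "policies=" fills
// both fields, but "token_policies=" fills only TokenPolicies, so a role
// written with the new parameter ends up with an empty Policies slice.
func updateRoleBuggy(r *Role, p Params) {
	if v, ok := p["policies"]; ok {
		r.Policies = append([]string(nil), v...)
		r.TokenPolicies = append([]string(nil), v...)
	}
	if v, ok := p["token_policies"]; ok {
		r.TokenPolicies = append([]string(nil), v...)
	}
}

// loginBuggy models a login path that still populates the token from the
// deprecated field, which is why the granted token carries no policies.
func loginBuggy(r *Role) []string {
	return append([]string(nil), r.Policies...)
}

// updateRoleFixed keeps both fields in sync regardless of which parameter was
// written. When both are supplied, token_policies takes precedence (an
// assumption of this model, not documented plugin behaviour).
func updateRoleFixed(r *Role, p Params) {
	v, ok := p["token_policies"]
	if !ok {
		v, ok = p["policies"]
	}
	if ok {
		r.Policies = append([]string(nil), v...)
		r.TokenPolicies = append([]string(nil), v...)
	}
}

// loginFixed prefers the new field and falls back to the deprecated one, so a
// role stored by an older plugin version still yields its policies.
func loginFixed(r *Role) []string {
	if len(r.TokenPolicies) > 0 {
		return append([]string(nil), r.TokenPolicies...)
	}
	return append([]string(nil), r.Policies...)
}

func main() {
	// Same write as the first command in the report: only token_policies given.
	write := Params{"token_policies": {"provisioneer"}}

	buggy := &Role{}
	updateRoleBuggy(buggy, write)
	fmt.Printf("buggy: role=%+v token policies=[%s]\n",
		*buggy, strings.Join(loginBuggy(buggy), ","))

	fixed := &Role{}
	updateRoleFixed(fixed, write)
	fmt.Printf("fixed: role=%+v token policies=[%s]\n",
		*fixed, strings.Join(loginFixed(fixed), ","))
}
```

The practical check against a real deployment is the same comparison this model makes: read the role back and confirm that `policies` and `token_policies` agree, then log in and confirm the issued token's policies match the role rather than being empty.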