Extension point for claims #6

Open
jglick opened this issue Apr 1, 2022 · 5 comments
Labels
enhancement New feature or request

Comments

@jglick
Member

jglick commented Apr 1, 2022

May be desirable to allow this or other plugins to inject additional claims into the token when sensible and available, e.g.:

  • the user triggering the build
  • the organization, repository, and head name (branch/tag/PR-xxx) of a branch project

@jglick added the enhancement (New feature or request) label Apr 1, 2022

@LucaPrete

Hi @jglick

Sorry I haven't seen this. I also opened an issue here and I'm starting to work on a PR. Please let me know if you have any additional suggestions.

@madsjakobsen

madsjakobsen commented Aug 15, 2022

Hi, I tried to do an implementation of this while testing out a GCP deployment: https://github.com/MadsJakobsen/oidc-provider-plugin/commit/07986abdc2d4ab60f22340de1b688805ced88780

I also saw jwt-support-plugin had a similar concept: https://github.com/jenkinsci/jwt-support-plugin/blob/79da649f05c3ab02866e94a5dd8721695cdb45ba/src/main/java/io/jenkins/plugin/auth/jwt/JwtTokenDecorator.java#L11

I don't think I am proficient enough in OpenID to create a proper PR, but I would certainly find the feature useful, so if there is anything I can do to help, like testing, then please let me know 🙏

@jglick
Member Author

jglick commented Sep 2, 2022

master...MadsJakobsen:oidc-provider-plugin:feature/add-extension-point-for-claims is the right idea, yes. (Would have a bunch of minor suggestions if that were a PR.) Would provide a cleaner way of implementing the likes of #16.

@jglick
Member Author

jglick commented Sep 2, 2022

> an implementation of this while testing out a GCP deployment

Sounds like you might use this plugin in anger. Do you feel like becoming a maintainer? I do not really have the time to give it the attention it deserves, and I lack a feel for how it will be used in realistic contexts.

@LeoQuote

It would be nice to create claims using Groovy. As in issue #22, the GitHub repo could be got by:

GITHUB_SLUG = env.JOB_NAME.split("/")[0..1].join("/")

And maybe more: GitHub org, repo. With those claims, many things could be possible, like setting a bunch of shared secrets in Vault for an organization, or a specific secret for a single repo.

But right now, with the simple JOB_NAME, nothing can be achieved.
