I am trying to create a Vault JWT role through the Vault CLI. I am using a JSON file to configure the role.
The JSON looks like this:

    {
      "role_type": "jwt",
      "policies": ["myproject-staging"],
      "token_explicit_max_ttl": 60,
      "user_claim": "user_email",
      "bound_claims": {
        "project_id": "22",
        "ref": "master",
        "ref_type": "branch"
      }
    }

When running the following cli command:

    vault write auth/jwt/role/test_role role=@jwt.json

I receive the following error:

    Error writing data to auth/jwt/role/test_role: Error making API request.
    Code: 400. Errors:
    * a user claim must be defined on the role

But I am clearly defining a user_claim in the JSON, and when I use the same JSON to create a JWT role through an API call, it works without problems.
I want to use it in a pipeline and therefore would like to use the command line.
Have you experienced the same, or do you know of any solution for this?
Thanks for the help!
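
An added illustration (not part of the original post, and not Vault's own code): a simplified Python model of how `vault write` turns its data arguments into the request body. It shows that `role=@jwt.json` sends the file contents as the string value of a single `role` key, while a bare `@jwt.json` sends the file's JSON keys as the body, which is what the direct API call does. `build_payload`, `role_write_error` and the in-memory `FILES` map are hypothetical names used only here.

```python
import json

# Constructed copy of the jwt.json from the question.
JWT_JSON = json.dumps({
    "role_type": "jwt",
    "policies": ["myproject-staging"],
    "token_explicit_max_ttl": 60,
    "user_claim": "user_email",
    "bound_claims": {"project_id": "22", "ref": "master", "ref_type": "branch"},
})
FILES = {"jwt.json": JWT_JSON}  # in-memory stand-in for the filesystem (assumption)


def build_payload(args, files=FILES):
    """Simplified model of the request body `vault write <path> <args...>` sends."""
    body = {}
    for arg in args:
        if arg.startswith("@"):
            # Bare @file: the file is parsed as JSON and its keys become the body.
            body.update(json.loads(files[arg[1:]]))
            continue
        key, sep, value = arg.partition("=")
        if not sep:
            raise ValueError(f"expected key=value or @file, got {arg!r}")
        if value.startswith("@"):
            # key=@file: the raw file contents become the string value of `key`.
            value = files[value[1:]]
        body[key] = value
    return body


def role_write_error(body):
    """Hypothetical stand-in for the server-side check behind the 400 response."""
    if not body.get("user_claim"):
        return "a user claim must be defined on the role"
    return None


if __name__ == "__main__":
    for args in (["role=@jwt.json"], ["@jwt.json"]):
        body = build_payload(args)
        print(args, "-> top-level keys:", sorted(body), "| error:", role_write_error(body))
```

In CLI terms, the second form corresponds to `vault write auth/jwt/role/test_role @jwt.json`.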