How To Access My Vault OIDC Logs and JWT Claim Metadata

I have set up a local instance of HashiCorp Vault (Enterprise edition) to test an implementation of Vault and Azure AD Single Sign-On with OIDC. I am using Terraform to provision and configure my OIDC components in Visual Studio Code, but have run into an error (see below) relating to my token claim.


How or where can I access my OIDC JWT claim metadata to verify some of its entries? I have even set verbose_oidc_logging = true in my vault_jwt_auth_backend_role configuration, but can't figure out where I can access the log.

Below is the full snippet of vault_jwt_auth_backend_role configuration.

resource "vault_jwt_auth_backend_role" "azure" {
  role_name             = var.azure_role_name
  backend               = vault_jwt_auth_backend.root.path
  user_claim            = "email"
  groups_claim          = "groups"
  bound_claims          = { "groups" : "VaultAdmins" }
  role_type             = "oidc"
  oidc_scopes           = var.oidc_scopes
  allowed_redirect_uris = var.allowed_redirect_uris
  # Boolean attribute; logs received tokens and claims only when the
  # Vault server itself runs at debug log level.
  verbose_oidc_logging  = true
}

This previous message, and the whole topic thread, may be of use: Where can I find the debug logs for OIDC? - #5 by maxb
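As an added example (not code from the thread above or from HashiCorp), the script below shows the two things a practitioner usually wants at this point: the commands that make verbose_oidc_logging actually produce output, and a way to inspect the claims of an ID token locally so the role's bound_claims can be compared against what Azure AD really sends. verbose_oidc_logging only emits when the Vault server runs with debug-level logging, and the output lands in the server log (stdout, a log file, or journald), not in an audit device. The sample token, its claim values and the file name vault-server.log are constructed for illustration; the role path auth/oidc/role/azure assumes the OIDC auth method is mounted at auth/oidc.

```shell
#!/usr/bin/env bash
# Added example: inspecting OIDC claims and enabling verbose OIDC logging.
set -euo pipefail

# --- Where the verbose OIDC log goes ----------------------------------------
# verbose_oidc_logging is only honoured when the Vault *server* logs at debug
# level. For a local test server, capture stdout to a file (constructed name):
#
#   vault server -dev -log-level=debug 2>&1 | tee vault-server.log
#
# CLI equivalent of the Terraform attribute (path assumes mount at auth/oidc):
#
#   vault write auth/oidc/role/azure verbose_oidc_logging=true \
#       user_claim=email groups_claim=groups role_type=oidc ...
#
# After a `vault login -method=oidc role=azure`, the received token and its
# claims appear in that server log; do not leave this enabled in production,
# since the ID token contents are written to the log in clear.
#
#   grep -i 'claims' vault-server.log

# --- Inspecting the claims of an ID token locally ----------------------------
# base64url-encode stdin (no padding, no line wrapping).
b64url() {
  base64 | tr -d '=\n' | tr '/+' '_-'
}

# Print the JSON payload (second segment) of a JWT. This does NOT verify the
# signature; it is only for checking which claim names and values the IdP emits.
jwt_claims() {
  local token="$1" payload
  payload=$(printf '%s' "$token" | cut -d. -f2)
  payload=$(printf '%s' "$payload" | tr '_-' '/+')   # base64url -> base64
  case $(( ${#payload} % 4 )) in                    # restore stripped padding
    2) payload="${payload}==" ;;
    3) payload="${payload}=" ;;
  esac
  printf '%s' "$payload" | base64 -d
}

# Return 0 if the claims JSON contains the given value as a JSON string.
# Useful for checking a bound_claims value such as "VaultAdmins" against the
# groups claim; Azure AD emits group object IDs (GUIDs) there unless the app
# registration is configured to emit group names, so a name may never match.
has_claim_value() {
  local claims="$1" value="$2"
  printf '%s' "$claims" | grep -q "\"${value}\""
}

# Constructed sample token (unsigned; signature segment is a placeholder).
SAMPLE_HEADER='{"alg":"RS256","typ":"JWT"}'
SAMPLE_PAYLOAD='{"email":"alice@example.com","groups":["VaultAdmins"]}'
SAMPLE_JWT="$(printf '%s' "$SAMPLE_HEADER" | b64url).$(printf '%s' "$SAMPLE_PAYLOAD" | b64url).sig"

# Usage: decode and check the sample, then the same for a real token.
#   jwt_claims "$VAULT_OIDC_ID_TOKEN_FROM_LOG"
jwt_claims "$SAMPLE_JWT"; echo
if has_claim_value "$(jwt_claims "$SAMPLE_JWT")" VaultAdmins; then
  echo "groups claim contains VaultAdmins"
fi
```

Once the claims are visible, compare them one-to-one with the role: user_claim must name a claim that is present (email is not guaranteed in every Azure AD token; preferred_username or oid is more reliable), and every key in bound_claims must match a value that actually appears in the token.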