Identity token API template syntax

ausmartway · February 26, 2024, 10:24am

I am trying to setup identity secrets engine to generate identity token, I am trying to create a role with below api call:

~ cat create_oidc_role.json
{
    "key": "human_identity",
    "ttl": "12h",
    "template": "{\"azp\": \"spiffe://vault/{{identity.entity.name}}\"}"
}
➜  ~ curl \
    --header "X-Vault-Token: REDUCTED" \
    --request POST \
    --data @create_oidc_role.json \
    https://VAULT/v1/identity/oidc/role/human_identity
{"errors":["error parsing template JSON: invalid character '\"' after object key:value pair"]}

I am not sure what the json format is incorrect. I have validated it with online validator… Please help

rtwolfe · February 26, 2024, 4:17pm

[Dont you work at HashiCorp ]

To fix the JSON format error in your OIDC role creation payload, escape the inner double quotes within the template value like this: "{\"azp\": \"spiffe://vault/{{identity.entity.name}}\"}" . This corrects the parsing issue caused by improper use of double quotes.

ausmartway · February 26, 2024, 8:59pm

Thanks, I do work for hashicorp.

Anyway, I think I have escaped the inner double quotes…

Topic		Replies	Views
Need another pair of eyes to troubleshot Vault provider error Vault	3	141	August 24, 2024
Custom OIDC token data : passing metadata to "Generate a Signed ID (OIDC) Token" Vault	1	246	September 2, 2021
Error verifying token: oidc: malformed jwt Vault	1	3750	November 25, 2020
Accessing secret-id specific metadata from identity template Vault	2	373	February 11, 2023
Template auth/token/create "metadata": '' expected a map, got 'string' Vault	2	725	January 2, 2023

Identity token API template syntax

Related topics