Identity token API template syntax

I am trying to setup identity secrets engine to generate identity token, I am trying to create a role with below api call:

~ cat create_oidc_role.json
    "key": "human_identity",
    "ttl": "12h",
    "template": "{\"azp\": \"spiffe://vault/{{}}\"}"
➜  ~ curl \
    --header "X-Vault-Token: REDUCTED" \
    --request POST \
    --data @create_oidc_role.json \
{"errors":["error parsing template JSON: invalid character '\"' after object key:value pair"]}

I am not sure what the json format is incorrect. I have validated it with online validator… Please help

[Dont you work at HashiCorp :slight_smile: ]

To fix the JSON format error in your OIDC role creation payload, escape the inner double quotes within the template value like this: "{\"azp\": \"spiffe://vault/{{}}\"}" . This corrects the parsing issue caused by improper use of double quotes.

Thanks, I do work for hashicorp. :slight_smile:

Anyway, I think I have escaped the inner double quotes…

1 Like