[OIDC] Are JWT tokens stored somewhere after the OIDC auth flow?

I successfully configured Vault & OIDC by following this guide: OIDC Auth Method | Vault - HashiCorp Learn

However, I was wondering if the JWT tokens are stored somewhere after the authentication flow has succeeded. Are the tokens only used to extract the “user_claim” and then thrown away or are they put into secrets/other Vault engines?

Thrown away after extracting various metadata.

The code handling this is in this function: vault-plugin-auth-jwt/path_oidc.go at 7e0f211d569e5beca0915c911ab308132948bf7b · hashicorp/vault-plugin-auth-jwt · GitHub

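The pattern the answer describes, as an added illustration that is not part of the thread and is not the vault-plugin-auth-jwt source: the configured user claim and mapped claims are copied out of the ID token, and the token itself is not kept. Assumptions: `Alias`, `aliasFromIDToken` and `sampleToken` are hypothetical names, the token is constructed sample data, and signature, issuer, audience and expiry validation are taken to have happened before this step.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// Alias is all that outlives the login: a name plus metadata, never the raw JWT.
type Alias struct {
	Name     string
	Metadata map[string]string
}

// aliasFromIDToken copies the configured claims out of an ID token.
// Assumption: the token was already verified; this only decodes the payload.
func aliasFromIDToken(verifiedToken, userClaim string, claimMappings map[string]string) (*Alias, error) {
	parts := strings.Split(verifiedToken, ".")
	if len(parts) != 3 {
		return nil, fmt.Errorf("malformed token: %d segments", len(parts))
	}
	raw, err := base64.RawURLEncoding.DecodeString(parts[1])
	var claims map[string]interface{}
	if err != nil || json.Unmarshal(raw, &claims) != nil {
		return nil, fmt.Errorf("undecodable payload")
	}
	name, _ := claims[userClaim].(string)
	if name == "" {
		return nil, fmt.Errorf("claim %q missing or not a string", userClaim)
	}
	alias := &Alias{Name: name, Metadata: map[string]string{}}
	for claim, metaKey := range claimMappings { // claim name -> metadata key
		if v, ok := claims[claim].(string); ok {
			alias.Metadata[metaKey] = v
		}
	}
	return alias, nil // unmapped claims and the token string are not carried over
}

// sampleToken builds a constructed, unsigned ID token for the demo.
func sampleToken(payload string) string {
	enc := base64.RawURLEncoding.EncodeToString
	return enc([]byte(`{"alg":"RS256"}`)) + "." + enc([]byte(payload)) + "." + enc([]byte("constructed-sig"))
}

func main() {
	tok := sampleToken(`{"sub":"u-123","email":"alice@example.com","nonce":"n1"}`)
	fmt.Println(aliasFromIDToken(tok, "sub", map[string]string{"email": "mail"}))
}
```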