I’ve created a policy and used the following command to set up the gmail role (I followed the guide here: https://github.com/hashicorp/vault-guides/tree/master/identity/oidc-auth). But when users are logged in, they don’t get the policy applied and I need to manually attach the policy to their entities. How should I set it correctly so each new entity from Gmail will get the same policy?
That looks reasonable, though I don’t see any localhost redirect URIs, which you probably need for the CLI. Re: the policy question, which version of Vault are you using? I’m wondering if this (fixed) bug applies: https://github.com/hashicorp/vault-plugin-auth-jwt/pull/67
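As an added illustration (not code from the thread or from the vault-guides repo): a POSIX sh snippet that writes the OIDC role with `token_policies` set and both the UI and CLI callback URIs allowed, plus a check that reads the role back the way Vault reports it. The mount path `auth/oidc`, the role name `gmail`, the policy name `gmail-user`, the host `vault.example.com` and the client id are assumptions to replace with your own.

```shell
#!/bin/sh
# Added example, not from the thread or the vault-guides repo. Assumed names:
# OIDC auth mounted at auth/oidc, role "gmail", policy "gmail-user" (already
# created with `vault policy write`), Vault UI at vault.example.com:8200.
ROLE_NAME="gmail"
POLICY_NAME="gmail-user"
OIDC_CLIENT_ID="${OIDC_CLIENT_ID:-<google-client-id-placeholder>}"

# Key=value arguments for `vault write auth/oidc/role/$ROLE_NAME`.
# token_policies is attached to every token the role issues, so the entity
# Vault creates on a user's first Gmail login gets the policy without anyone
# editing that entity. allowed_redirect_uris lists both the UI callback and
# the CLI's local listener (`vault login -method=oidc` listens on port 8250).
role_write_args() {
  printf '%s\n' \
    "role_type=oidc" \
    "bound_audiences=$OIDC_CLIENT_ID" \
    "user_claim=email" \
    "allowed_redirect_uris=http://localhost:8250/oidc/callback" \
    "allowed_redirect_uris=https://vault.example.com:8200/ui/vault/auth/oidc/oidc/callback" \
    "token_policies=$POLICY_NAME"
}

apply_role() {
  # shellcheck disable=SC2046  (the arguments contain no whitespace)
  vault write "auth/oidc/role/$ROLE_NAME" $(role_write_args)
}

# Reads `vault read -format=json auth/oidc/role/$ROLE_NAME` on stdin, prints
# one line per problem and returns 1 if anything is missing. Whitespace is
# stripped first so the array checks also work on pretty-printed JSON.
check_role_json() {
  flat=$(tr -d ' \n\t\r')
  rc=0
  if ! printf '%s' "$flat" | grep -q "\"token_policies\":\[[^]]*\"$POLICY_NAME\""; then
    echo "policy $POLICY_NAME missing from token_policies (tokens only get default)"
    rc=1
  fi
  if ! printf '%s' "$flat" | grep -q 'http://localhost:8250/oidc/callback'; then
    echo "no localhost:8250 redirect URI: the CLI login callback will be rejected"
    rc=1
  fi
  return $rc
}

# Usage: apply_role; then
#   vault read -format=json "auth/oidc/role/$ROLE_NAME" | check_role_json
# and after a fresh `vault login -method=oidc role=$ROLE_NAME`,
#   vault token lookup -field=policies   # should list gmail-user
```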