OIDC provider scope template

gawsoftpl · April 29, 2025, 11:08am

In doc:
https://developer.hashicorp.com/vault/docs/concepts/oidc-provider#scopes

I see that I can use for oidc provider scope template variable $MOUNT_ACCESSOR:

{
    "username": {{identity.entity.aliases.$MOUNT_ACCESSOR.name}}
}

But when I generate id_token from endpoint:
My JWT token has empty attribute:

{
  "username": ""
}

When I use template without variable:

{
  # // I replaced "username": {{identity.entity.aliases.$MOUNT_ACCESSOR.name}} with plain text of auth accessor name
  "username": {{identity.entity.aliases.auth_kubernetes_663278c3.id}}
}

Id token has correct username

{
 "username": "96739f72-3d56-84ab-a00c-49b19eb73486"
}

It looks like variable MOUNT_ACCESSOR doesnt work or maybe this is a issue in documentation

Topic		Replies	Views
OIDC Provider Scope Templating Vault vault	3	1602	April 18, 2022
Templated policy parameters Vault vault	0	471	April 15, 2020
How to create email and group scopes for vault oidc identity provider with ldap upstream? Vault	0	269	October 26, 2023
Pre-create vault_identity_entity and vault_identity_entity_alias for oidc mount? Terraform Providers vault	2	831	September 6, 2022
Accessing secret-id specific metadata from identity template Vault	2	396	February 11, 2023

OIDC provider scope template

Related topics