I’m trying to create a token using a role, and when I do, the new token doesn’t have an entity associated with it. I’d like to retain the entity on the new token so I can use the /identity/oidc/token endpoints. I’m not clear if this is a glossy part of the docs, an issue, or a design impossibility.
On Token - Auth Methods - HTTP API | Vault | HashiCorp Developer I see an entity_alias option, which isn’t quite what I want, but it says "If this has been specified, the entity will not be inherited from the parent." When using the role_name parameter I’m not seeing inheritance at all.
Tokens | Vault | HashiCorp Developer shows an empty entity_id in the role example output, but doesn’t discuss it.
Neither of those pages really talks about entity IDs in the context of creating a token.
I’m trying to extend a workflow where a user takes a fairly high-power token from the GUI and then uses that to get a scoped token for use by tooling. The use of the role in the /auth/token/create/ call is established behavior, so I’m hesitant to fiddle with it (Chesterton’s fence, and figuring out the historical why and potential impact will be a rabbit hole). Using the /identity/oidc/token endpoints is the new bit I’m trying to integrate into the existing token workflow.