While using OIDC, I want to map user entity ID to Identity Provider email

Hi all,
As I was trying to configure the OIDC role like this, I was not able to see my users' entity emails.
I am sure you know it's hard to identify users by entity ID.

vault write auth/oidc/role/oidc_default \
    allowed_redirect_uris="http://localhost:8250/oidc/callback,http://localhost:8200/oidc/callback,https://banana.com/ui/vault/auth/oidc/oidc/callback,https://banana.com/oidc/callback" \
    user_claim="sub" \
    policies="oidc_default" \
    verbose_oidc_logging="true" \
    groups_claim="groups" \
    oidc_scopes="openid email"

Is there a way to change the way Vault is working and tell it to show user names or email addresses?


I believe you can use claim_mappings (JWT/OIDC - Auth Methods - HTTP API | Vault | HashiCorp Developer) to have Vault capture information from the OIDC token and store it in metadata … however I don't think there's any way to get Vault to show that information in places in the UI where it would be useful, like lists of entities.

I’d probably resort to a script which periodically used the Vault API to update the names of automatically created Vault entities to more useful meaningful ones.
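A sketch of the script described in the reply, added here as an example (it is not the replier's code or anything shipped by Vault). It assumes the role above has been extended with claim_mappings="email=email" so each OIDC alias carries an "email" metadata key, that VAULT_ADDR and VAULT_TOKEN are set in the environment, and that the token has list/read/update on identity/entity/id; only the Python standard library is used.

```python
import json
import os
import urllib.request
from typing import Optional

# Metadata key the role populates when configured with claim_mappings="email=email"
# (assumed; the role in the original question does not set claim_mappings yet).
EMAIL_KEY = "email"
VAULT_ADDR = os.environ.get("VAULT_ADDR", "http://127.0.0.1:8200")
VAULT_TOKEN = os.environ.get("VAULT_TOKEN", "")


def desired_name(entity: dict) -> Optional[str]:
    """Email from the entity's OIDC alias metadata, or None if nothing to do.

    Only aliases on an oidc mount are trusted as the source of the name, and an
    entity already named after its email (or with no email) is skipped.
    """
    for alias in entity.get("aliases") or []:
        if alias.get("mount_type") != "oidc":
            continue
        email = (alias.get("metadata") or {}).get(EMAIL_KEY)
        if email and email != entity.get("name"):
            return email
    return None


def plan_renames(entities: dict) -> dict:
    """Map entity id -> new name for every entity that needs renaming."""
    return {eid: desired_name(e) for eid, e in entities.items() if desired_name(e)}


def vault(method: str, path: str, body: Optional[dict] = None) -> dict:
    """Minimal Vault HTTP API call authenticated with the token from the environment."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(f"{VAULT_ADDR}/v1/{path}", data=data, method=method)
    req.add_header("X-Vault-Token", VAULT_TOKEN)
    req.add_header("Content-Type", "application/json")
    with urllib.request.urlopen(req) as resp:
        raw = resp.read()
    return json.loads(raw) if raw else {}


if __name__ == "__main__":
    ids = vault("GET", "identity/entity/id?list=true")["data"]["keys"]
    entities = {i: vault("GET", f"identity/entity/id/{i}")["data"] for i in ids}
    for entity_id, new_name in plan_renames(entities).items():
        # "Update entity by ID": only the name is sent, other fields are left alone.
        vault("POST", f"identity/entity/id/{entity_id}", {"name": new_name})
        print(f"{entity_id} -> {new_name}")
```

Entity names must be unique, so if two entities end up with the same email claim the second update fails with an HTTP 400, which is worth surfacing rather than silently skipping.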