Skip to content

Supported OIDC claims

Supported OpenID Connect (OIDC) claims are specific key-value pairs used to convey information about a user or an entity in the context of authentication and identity management. OIDC claims are included in ID tokens or access tokens and can provide identity attributes or metadata about the user, client, or session.

Registered

  • iss - identifies the principal that issued the JWT.
  • sub - identifies the principal that is the subject of the JWT. For JWT issued by Venafi Control Plane the value is always venafi_control_plane.
  • aud - identifies the recipients that the JWT is intended for.
  • jti - provides a unique identifier for the JWT.
  • iat - identifies the time at which the JWT was issued.
  • nbf - identifies the time before which the JWT MUST NOT be accepted for processing.
  • exp - identifies the expiration time on or after which the JWT MUST NOT be accepted for processing.

Custom

  • cloud_provider_id - the id of the cloud provider issuing the JWT.
  • cloud_provider_name - the name of the cloud provider issuing the JWT.