Description: Exposes the token endpoint to retrieve a temporary access token. The scope of the token is determined using identity mappings.
Since: Artifactory Cloud 7.73.1, Artifactory Self Hosted 7.77.3
Security: Requires a valid admin token
Usage: POST /access/api/v1/oidc/token {JSON with token information}
Produces: application/json
Header parameter: Authorization: Bearer. For more information about creating tokens, see Create Token.
Parameters:
The JSON record contains the following fields:
Name | Type | Description | |
---|---|---|---|
provider_name | string | Name of the provider | |
description | string | The description of the identity mapping | |
provider_type | string | The provider type, such as Github, Azure, or Generic OpenID Connect. | |
issuer_url | integer | OIDC issuer URL. For GitHub actions, the URL is | |
audience | string | Informational field that you can use to include details of the audience that uses the OIDC configuration | |
project_key | string | If set, this Identity Mapping will be available in the scope of the given project (editable by the platform admin and project admin). If not set, this Identity Mapping will be global and only editable by platform admin. Once set, the projectKey cannot be changed. | Optional |
Sample Usage
curl -X POST -H "Content-type: application/json" \ -H "Authorization: Bearer cOENUdUxv" \ https://example.jfrog.io/access/api/v1/oidc/token -d \ '{“grant_type”: “urn:ietf:params:oauth:grant-type:token-exchange”, \ “subject_token_type”:”urn:ietf:params:oauth:token-type:id_token”, \ “subject_token”: <ID_TOKEN>, \ "provider_name": "github-oidc" "project_key": "jfac"}'