Description: Exposes the token endpoint to retrieve a temporary access token. The scope of the token is determined using identity mappings.
Since: Artifactory Cloud 7.73.1, Artifactory Self Hosted 7.77.3
Usage:POST /access/api/v1/oidc/token {JSON with token information}
Produces: application/json
Parameters:
The JSON record contains the following fields:
Name | Type | Description | Optional/ Mandatory |
|---|---|---|---|
grant_type | String | The grant type. Enter the following type: | Mandatory |
subject_token_type | String | The token type. Enter the following type: | Mandatory |
subject_token | String | The ID token from the authentication provider, such as GitHub. | Mandatory |
provider_name | String | The name of the provider | Mandatory |
identity_mapping_name | String | The name of the identity mapping, if you want to use a specific mapping. | Optional |
include_reference_token | Boolean | (Default: False) Whether you want to include a reference token as well as an access token. | Optional |
issuer_url | Integer | OIDC issuer URL. For GitHub actions, the URL is | Optional |
audience | String | An informational field that you can use to include details of the audience that uses the OIDC configuration. | Optional |
project_key | String | If set, this Identity Mapping will be available in the scope of the given project (editable by the platform admin and project admin). If not set, this Identity Mapping will be global and only editable by a platform admin. Once set, the project key cannot be changed. | Optional |
Sample Usage
curl -X POST -H "Content-type: application/json" \
-H "Authorization: Bearer cOENUdUxv" \
https://example.jfrog.io/access/api/v1/oidc/token -d \
'{“grant_type”: “urn:ietf:params:oauth:grant-type:token-exchange”, \
“subject_token_type”:”urn:ietf:params:oauth:token-type:id_token”, \
“subject_token”: <ID_TOKEN>, \
"provider_name": "github-oidc"
"identity_mapping_name": <mapping_name> //optional
"include_reference_token": true/false //default false
"project_key": "jfac"}'