Related command
az ad app federated-credential create
Is your feature request related to a problem? Please describe.
I want to create a federated credential to work with a GitHub merge queue. The subject is not static so I need to use the 'claims matching expression' feature instead.
This appears to not be supported by the Azure CLI. I get this error:
Property 'subject' cannot be empty.
The docs say:
If claimsMatchingExpression is defined, subject must be set to null.
Describe the solution you'd like
I want to be able to create a federated credential that uses claimsMatchingExpression instead of subject.
{
  "name": "MergeQueue",
  "issuer": "https://token.actions.githubusercontent.com",
  "subject": null,
  "claimsMatchingExpression": "claims['sub'] matches 'repo:my-org/my-repo:ref:refs/heads/gh-readonly-queue/main/pr*'",
  "description": "Merge queue",
  "audiences": [
    "api://AzureADTokenExchange"
  ]
}
Describe alternatives you've considered
I can't access Entra in the portal in my organisation, but it would work if I could...
Additional context
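
Added example, not part of the original issue and not Azure CLI or Entra code: a Python check of which GitHub OIDC sub values the expression in the request above would accept, useful for reviewing the scope of the trust before the credential is created. It assumes '*' matches any run of characters and '?' exactly one, that the whole claim value must match, and that only the single-clause claims['...'] matches '...' form is used; the function names and sample subjects are constructed for illustration.

```python
import re

# Assumption: only the single-clause form claims['<name>'] matches '<pattern>'.
EXPR_RE = re.compile(
    r"^claims\['(?P<claim>[^']+)'\]\s+matches\s+'(?P<pattern>[^']*)'$")


def compile_expression(expression):
    """Return (claim_name, compiled_regex) for a single 'matches' clause."""
    m = EXPR_RE.match(expression.strip())
    if m is None:
        raise ValueError("unsupported expression: " + expression)
    # Assumption: '*' is any run of characters, '?' is one character,
    # everything else is literal, and the whole claim value must match.
    parts = []
    for ch in m.group("pattern"):
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    return m.group("claim"), re.compile("".join(parts), re.DOTALL)


def token_matches(expression, claims):
    """True if the token's claims satisfy the expression."""
    claim, regex = compile_expression(expression)
    value = claims.get(claim)
    return isinstance(value, str) and regex.fullmatch(value) is not None


EXPRESSION = ("claims['sub'] matches "
              "'repo:my-org/my-repo:ref:refs/heads/gh-readonly-queue/main/pr*'")

# Constructed sample subjects (not real tokens) with the expected decision.
PREFIX = "repo:my-org/my-repo"
SAMPLES = {
    PREFIX + ":ref:refs/heads/gh-readonly-queue/main/pr-42-0a1b2c3": True,
    PREFIX + ":ref:refs/heads/main": False,
    PREFIX + ":pull_request": False,
    PREFIX + "-fork:ref:refs/heads/gh-readonly-queue/main/pr-42-0a1b2c3": False,
    PREFIX + ":ref:refs/heads/gh-readonly-queue/release/pr-7-9f8e7d6": False,
}


def check_samples():
    """Evaluate every constructed subject against EXPRESSION."""
    return {sub: token_matches(EXPRESSION, {"sub": sub}) for sub in SAMPLES}


if __name__ == "__main__":
    for sub, matched in check_samples().items():
        print("MATCH " if matched else "reject", sub)
```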