remove duplication clear up steps and address user feedback #9790
base: main
| | `exp` | ||
| | The expiration time. Its value is one hour after the time of issuance. | ||
| | `$CIRCLE_OIDC_TOKEN` | ||
| | The default OIDC token. See <<format-of-the-openid-connect-id-token>> for full details. |
I'd maybe not use the word "default", as it implies that this is the one customers should be using (unless they have other needs that the V2 token fulfils) when actually either token is probably fine (and maybe we actually want people using the V2).
| | The time of issuance. This is the time the token was created, which is shortly before the job starts. | ||
|
|
||
| | `exp` | ||
| | The expiration time. Its value is one hour after the time of issuance. |
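Review bot: the `exp` row gives a fixed lifetime of one hour after issuance, and the `iat` row above it says issuance happens shortly before the job starts, but neither row says what that means for a job that runs longer than an hour. By then the token in the job environment has expired, and a relying party that checks `exp` will reject it. Suggest adding one sentence to the `exp` description stating this and advising that the token exchange with the cloud provider happen early in the job.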
This can also be customised (via the APIs), which might be worth mentioning (maybe on the other page, and maybe out of scope for this update).
| `"org/<organization_id>/project/<project_id>/user/<user_id>/vcs-origin/<vcs_origin>/vcs-ref/<vcs_ref>"`, a string, where `organization_id`, `project_id`, and `user_id` are UUIDs that identify the CircleCI organization, project, and user, respectively. The user is the CircleCI user that caused this job to run. `vcs_origin` and `vcs_ref` are strings that identify the repository URL and reference to the change that caused the job to run. | ||
|
|
||
| | `aud` | ||
| | The audience. By default, this is `ORGANIZATION_ID`, a string containing a UUID that identifies the job's project's organization. To customize the audience you can generate an OIDC token with a custom audience. See xref:oidc-tokens-with-custom-claims.adoc[OIDC Tokens With Custom Claims] for more information. |
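Review bot: in the `aud` row the default value is written as `ORGANIZATION_ID`, while the `sub` row a few lines up writes the same identifier as `<organization_id>`; use one placeholder style so readers do not take them for different values. Because the default audience identifies only the organization, it would also help to say in this row that a trust policy meant to scope access to a single project needs to match on the `project_id` part of `sub` and not on `aud` alone.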
Might be beyond the scope of this change but I think the OIDC Tokens With Custom Claims page only makes reference to the use of the subcommand to generate a one-time customised token, but there's also the APIs which allow for permanent customisation
Description
Improvements to OIDC Documentation
This PR addresses user feedback and improves clarity throughout the OpenID Connect tokens documentation.
Key changes:
1. Streamlined identity provider setup
2. AWS section improvements
3. GCP section clarifications
4. General improvements
What This Addresses:
Original feedback: "Documentation was lacking information on how to set up the credentials file in the CircleCI environment"
Original feedback: "Documentation was missing how to define specific roles within projects"
Reasons
General refresh and avoid confusion
Content Checklist
Please follow our style when contributing to CircleCI docs. Our style guide is here: https://circleci.com/docs/style/style-guide-overview.
Please take a moment to check through the following items when submitting your PR (this is just a guide so will not be relevant for all PRs):