I'm trying to set up role-based access with Auth0 and federated web identities on AWS (without Cognito). I have configured an OIDC provider, as described in the AWS integration docs, and I have successfully attached custom claims to the
id_token, namespaced, as enforced by Auth0. However, due to some limitations at AWS' end, it is not possible to attach a trust policy to a role that is based on custom claims that are namespaced. So this does not work:
  - Effect: "Allow"
    Principal:
      Federated: !Ref OpenIdProviderArn
    Condition:
      StringEquals:
        "xxxxxx.auth0.com/:aud": "auth0 client id"
The reason it does not work is that AWS does not allow multiple colons in the key of a policy condition.
So I was hoping that by disabling strict OIDC compliance in my Auth0 configuration, I would be able to attach claims that are not namespaced. But to my surprise, Auth0 still filters those claims from the
Is there any setting at all I can set/unset to make this happen?
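As an added illustration of the colon problem the post describes (not code from the poster or from Auth0/AWS): the script below decodes an id_token payload and, for each claim, builds the IAM condition key the way the post shows it (`xxxxxx.auth0.com/:aud`) and flags keys with more than one colon. The sample payload, issuer and claim names are constructed for this example; the "exactly one colon" rule is taken from the post, and the decoder does not verify the token.

```python
import base64
import json
from urllib.parse import urlparse

# Constructed sample id_token payload (illustration only; not a real Auth0 token).
# A real token's signature, issuer and audience must be verified before any claim is trusted.
SAMPLE_PAYLOAD = {
    "iss": "https://xxxxxx.auth0.com/",
    "sub": "auth0|1234567890",
    "aud": "auth0 client id",
    "https://example.com/role": "admin",  # namespaced custom claim, as Auth0 requires
    "role": "admin",                       # non-namespaced custom claim, as the post wants
}


def b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the padding that JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_payload(id_token: str) -> dict:
    """Return the payload of a compact JWT (header.payload.signature) WITHOUT verifying it."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    return json.loads(b64url_decode(parts[1]))


def condition_key(issuer: str, claim: str) -> str:
    """Build the IAM condition key for an OIDC claim: '<issuer host and path>:<claim>'."""
    u = urlparse(issuer)
    return f"{u.netloc}{u.path}:{claim}"


def classify_claims(payload: dict) -> dict:
    """Map each claim (except iss) to (condition key, usable); usable means the key
    contains exactly one colon, the restriction the post reports for trust policies."""
    issuer = payload["iss"]
    result = {}
    for claim in payload:
        if claim == "iss":
            continue
        key = condition_key(issuer, claim)
        result[claim] = (key, key.count(":") == 1)
    return result


if __name__ == "__main__":
    for claim, (key, usable) in classify_claims(SAMPLE_PAYLOAD).items():
        print(f"{'ok ' if usable else 'BAD'} {key}")
```

Running it shows the namespaced claim producing a key like `xxxxxx.auth0.com/:https://example.com/role`, which is exactly the multi-colon key the post says AWS rejects.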