Learn how to authenticate with Infisical from any platform or environment using OpenID Connect (OIDC).
/api/v1/auth/oidc-auth/login endpoint. If successful, then Infisical returns a short-lived access token that can be used to make authenticated requests to the Infisical API.
To be more specific:
/api/v1/auth/oidc-auth/login endpoint.

Creating an identity
sub (subject) claim in the JWT should match this value.
2592000 equivalent to 30 days): The lifetime for an access token in seconds. This value will be referenced at renewal time.
2592000 equivalent to 30 days): The maximum lifetime for an access token in seconds. This value will be referenced at renewal time.
0): The maximum number of times that an access token can be used; a value of 0 implies an infinite number of uses.
0.0.0.0/0, allowing usage from any network address.

The subject, audiences, and claims fields support glob pattern matching; however, we highly recommend using hardcoded values whenever possible.

Adding an identity to a project
Accessing the Infisical API with the identity
/api/v1/auth/oidc-auth/login endpoint in exchange for an access token.

We provide an example below of how authentication is done with Infisical using OIDC. It is a snippet from the official GitHub secrets action.

7200 seconds which can be adjusted.

If an identity access token expires, it can no longer authenticate with the Infisical API. In this case, a new access token should be obtained by performing another login operation.
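
The recommendation above to prefer hardcoded subject, audiences, and claims values, illustrated with an added example that is not Infisical's code: a glob subject accepts tokens from workloads that a pinned value rejects. The matcher (where * matches any run of characters), the config object shape, and the sample JWT payloads are assumptions constructed for illustration; Infisical's own glob semantics may differ.

```javascript
// Added example (not Infisical's code): check decoded JWT claims against an
// identity's subject / audiences / claims settings.
// Assumption: "*" matches any run of characters, including "/" and ":".
function globToRegExp(pattern) {
  const escaped = pattern.replace(/[.+?^${}()|[\]\\]/g, "\\$&");
  return new RegExp("^" + escaped.replace(/\*/g, ".*") + "$");
}

function matches(pattern, value) {
  return globToRegExp(pattern).test(String(value));
}

// Returns null when the token satisfies the config, otherwise the failed check.
function rejectReason(config, jwtClaims) {
  if (!matches(config.subject, jwtClaims.sub)) return "subject";
  const aud = [].concat(jwtClaims.aud || []); // aud may be a string or a list
  if (!aud.some((a) => config.audiences.some((p) => matches(p, a)))) return "audience";
  for (const [name, pattern] of Object.entries(config.claims || {})) {
    if (!(name in jwtClaims) || !matches(pattern, jwtClaims[name])) return "claim:" + name;
  }
  return null;
}

// Constructed sample payloads (signature validation is out of scope here).
const deployJob = { sub: "repo:acme/payments:ref:refs/heads/main",
                    aud: "https://infisical.example", repository: "acme/payments" };
const sandboxJob = { sub: "repo:acme/sandbox:pull_request",
                     aud: "https://infisical.example", repository: "acme/sandbox" };

// Hypothetical identity settings: a glob subject versus fully pinned values.
const globConfig = { subject: "repo:acme/*",
                     audiences: ["https://infisical.example"], claims: {} };
const pinnedConfig = { subject: "repo:acme/payments:ref:refs/heads/main",
                       audiences: ["https://infisical.example"],
                       claims: { repository: "acme/payments" } };

// Evaluate both sample tokens against one config.
function audit(config) {
  return [deployJob, sandboxJob].map((t) => rejectReason(config, t));
}

console.log("glob  :", audit(globConfig));
console.log("pinned:", audit(pinnedConfig));
```

With the glob subject, both sample workloads are accepted; with pinned values, only the intended deploy job passes and the other is rejected on its subject.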