Can I Use OIDC Authentication with CircleCI?

Yes! We have added the ability to use OIDC authentication in your CircleCI builds! In this article, we have consolidated some resources, as well as common problems that may arise along the way. We hope this will help assist you in implementing this feature.

OIDC tokens are automatically created and imported into your jobs.

Common Issues:

Failed to assume role

An error occurred (AccessDenied) when calling the AssumeRoleWithWebIdentity operation:
Not authorized to perform sts:AssumeRoleWithWebIdentity
Failed to assume role

One way to address this error is to ensure sure the token has the necessary permissions.

Helpful Resources:

• OIDC with Vault
• https://circleci.com/blog/openid-connect-identity-tokens/
• Using OpenID Connect Tokens in Jobs
• AWS OIDC docs