The env zero OIDC token contains a unique Subject Identifier per env zero Organization. There are three methods for retrieving your subject identifier.
A. From the Credential Form
B. From the App
C. Use Run Task
D. Use env zero OIDC script template
E. Manually from env zero deployment

A. From the Credential Form

When creating an OIDC credential on the organization credentials page, the sub value is shown in the last (disabled) form input.

B. From the App

  1. Go to Organization Settings -> Policies
  2. Next to the "Enable OIDC" checkbox, click "show" (the "show" button only appears if OIDC is enabled)

C. Use Run Task

This simple Node script decodes the OIDC token.
  1. "Enable OIDC"
    1. Under Organization > Settings > Policy - Check "Enable OIDC during deployments"
  2. Run a Task - under any existing env zero environment, select "Run a Task" from the env zero environment menu. Note: You will need administrative access to see this option.
  3. Copy and paste this script:
     node -e "console.log(JSON.parse(Buffer.from(process.env.ENV0_OIDC_TOKEN.split('.')[1], 'base64')));"
  4. Hit Run a Task and open the console output under the "Task Commands" step.

D. Using env zero OIDC Script Template

This env zero template runs a decode script to help you view the contents of the OIDC token.
  1. "Enable OIDC"
    1. Under Organization > Settings > Policy - Check "Enable OIDC during deployments"
  2. Clone or fork the repo: https://github.com/env0/customer-tools
  3. Run an Environment from VCS, and configure it with the repo you've cloned or forked and the folder path: iam/oidc/decode-oidc
  4. This generates a step in the deployment that outputs the contents of the OIDC token.

E. Manually from env zero deployment

To retrieve your organization's unique Subject Identifier:
  1. "Enable OIDC"
    1. Under Organization > Settings > Policy - Check "Enable OIDC during deployments"
  2. Go to an existing environment and "Run a Task"
  3. Run the following command: echo $ENV0_OIDC_TOKEN | base64
  4. Copy and Base64-decode the token: echo "ZVXMU5pSXNJblI1Y0NJNklrcFhWQ0lzSW10cFpDSTZJazETmEwWkdU…" | base64 -d
  5. Copy the token and inspect the decoded token using jwt.io
  6. Copy the Subject Identifier "sub" (in this example: auth0|632b8219674bde0224a96141)
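
An added example (not env zero's own code): a Node script for the Run Task step in methods C and E that decodes the token in place and returns only the claims a trust policy is keyed on, so the full bearer token never has to be copied out of the task log. It assumes the token is in ENV0_OIDC_TOKEN as shown on this page; the function names, the iss/aud/exp sample values and the sample token are constructed for illustration.

```javascript
// Added example: inspect an OIDC JWT locally and report only selected claims.
// Decoding is NOT signature verification; use this for inspection only.
function base64urlToJson(segment, label) {
  if (!/^[A-Za-z0-9_-]+$/.test(segment)) {
    throw new Error(`${label}: not base64url`);
  }
  try {
    return JSON.parse(Buffer.from(segment, 'base64url').toString('utf8'));
  } catch {
    throw new Error(`${label}: not valid JSON`);
  }
}

// Hypothetical helper name. The signature segment is never decoded or returned.
function describeOidcToken(token, nowSeconds = Math.floor(Date.now() / 1000)) {
  if (typeof token !== 'string' || token.length === 0) {
    throw new Error('token is empty; is OIDC enabled for the organization?');
  }
  const parts = token.trim().split('.');
  if (parts.length !== 3) {
    throw new Error(`expected 3 JWT segments, got ${parts.length}`);
  }
  const header = base64urlToJson(parts[0], 'header');
  const payload = base64urlToJson(parts[1], 'payload');
  if (typeof payload.sub !== 'string') {
    throw new Error('payload has no "sub" claim');
  }
  return {
    alg: header.alg,
    iss: payload.iss,
    aud: payload.aud,
    sub: payload.sub,
    expired: typeof payload.exp === 'number' ? payload.exp <= nowSeconds : null,
  };
}

// Constructed sample token with a placeholder signature, for offline runs.
function makeSampleToken() {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  return [
    enc({ alg: 'RS256', typ: 'JWT' }),
    enc({ iss: 'https://issuer.example/', aud: 'example-audience',
          sub: 'auth0|632b8219674bde0224a96141', exp: 2000000000 }),
    'c2lnbmF0dXJl',
  ].join('.');
}

// In a Run Task step ENV0_OIDC_TOKEN is set; otherwise the sample is used.
console.log(describeOidcToken(process.env.ENV0_OIDC_TOKEN || makeSampleToken()));
```

The printed `sub` is the value to paste into the identity provider's trust condition; `iss` and `aud` are shown alongside it because the same policy normally pins them too.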