Currently, the Jenkins plugin supports only two authentication mechanisms: Basic (username + password) and Username + API Token. While these methods work for typical Jenkins environments, our setup uses Google Cloud IAM with OIDC authentication, which requires both an OIDC token and a Jenkins API token for successful authorization.
This limitation prevents us from leveraging the plugin in environments where IAM enforces OIDC-based authentication. Adding support for OIDC authentication in the Jenkins plugin would enable compatibility with modern, secure IAM solutions like Google Cloud IAM, Okta, and others.
We have tested scenarios where:
- OIDC tokens combined with API tokens successfully authenticate and authorize requests.
- Only the API token fails due to enforced OIDC authentication.
This enhancement is crucial for environments adopting OIDC-based identity providers while maintaining compatibility with existing authentication mechanisms.
Please let me know if you need additional details or examples to support this request.
by: Rakesh B. | about a month ago | Integrations
Comments
We could have a session to discuss this in detail, especially this aspect of API token failure due to enforced OIDC authentication. We would like to further understand what OIDC and Jenkins configuration you are using.