Optional audiences
The allowed token audiences, as specified in the 'aud' claim of federated tokens. The audience identifier is intended to represent the recipient of the token. Can be any non-empty string value. As long as the audience in the token matches at least one audience in the policy,

Optional issuer
The required token issuer, as specified in the 'iss' claim of federated tokens.

Optional subject
The required token subject, as specified in the subject claim of federated tokens. The subject claim identifies the identity of the user or machine accessing the resource. Examples for Entra ID (AAD):
groups: this must be the Object ID of the group in Entra ID.
oid: this must be the Object ID of the user in Entra ID.
azp: this must be the client ID of the OAuth app registered in Entra ID.

Optional subject_claim
The claim that contains the subject of the token. Depending on the identity provider and the use case (U2M or M2M), this can be groups, oid, or azp. Supported subject_claim values are:
oid: Object ID of the user.
azp: Client ID of the OAuth app.
groups: Object ID of the group.
sub: Subject identifier for other use cases.
Specifies the policy to use for validating OIDC claims in your federated tokens from Delta Sharing Clients. Refer to https://docs.databricks.com/en/delta-sharing/create-recipient-oidc-fed for more details.
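The following is an added illustration of how the four policy fields above combine when a decoded token is checked: issuer must equal 'iss', at least one 'aud' value must appear in audiences, and the claim named by subject_claim must carry the configured subject (for groups, membership in the list suffices). It is not Databricks' implementation; the issuer URL, tenant, Object IDs and audience string are constructed placeholders, and signature verification is assumed to have already happened.

```python
"""Model of the documented OIDC federation policy checks (illustrative, not Databricks code)."""
from dataclasses import dataclass
from typing import Any, Mapping, Optional, Sequence


@dataclass
class OidcPolicy:
    issuer: str                 # required 'iss' value
    audiences: Sequence[str]    # token 'aud' must match at least one entry
    subject: str                # required value of the subject claim
    subject_claim: str = "sub"  # which claim carries the subject: oid, azp, groups or sub


def _as_list(value: Any) -> list:
    # 'aud' and 'groups' may arrive as a single string or as a list of strings
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


def evaluate(policy: OidcPolicy, claims: Mapping[str, Any]) -> Optional[str]:
    """Return None when the claims satisfy the policy, otherwise the reason for rejection."""
    if claims.get("iss") != policy.issuer:
        return "issuer mismatch"
    if not any(aud in policy.audiences for aud in _as_list(claims.get("aud"))):
        return "no audience in token matches the policy"
    subject_values = _as_list(claims.get(policy.subject_claim))
    if not subject_values:
        return f"token lacks the configured subject claim {policy.subject_claim!r}"
    # For 'groups' the claim is a list of group Object IDs; any match satisfies the policy.
    if policy.subject not in subject_values:
        return f"{policy.subject_claim} does not match the required subject"
    return None


# Constructed placeholder tenant, IDs and audience (not real values).
ISSUER = "https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/v2.0"
M2M_POLICY = OidcPolicy(ISSUER, ["api://example-sharing-client"],
                        "11111111-1111-1111-1111-111111111111", "azp")   # OAuth app client ID
GROUP_POLICY = OidcPolicy(ISSUER, ["api://example-sharing-client"],
                          "22222222-2222-2222-2222-222222222222", "groups")  # group Object ID
SAMPLE_CLAIMS = {  # constructed decoded token payload
    "iss": ISSUER,
    "aud": "api://example-sharing-client",
    "azp": "11111111-1111-1111-1111-111111111111",
    "groups": ["33333333-3333-3333-3333-333333333333", "22222222-2222-2222-2222-222222222222"],
}

if __name__ == "__main__":
    print("M2M policy:", evaluate(M2M_POLICY, SAMPLE_CLAIMS))
    print("group policy:", evaluate(GROUP_POLICY, SAMPLE_CLAIMS))
```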