OIDC custom properties as claims #1230
Description
Value Prop
GitHub Actions OIDC now supports custom repository properties as claims, enabling platform and security teams to embed rich metadata directly into every token issued from a repository. This structured identity context allows cloud providers, artifact registries, and secrets brokers to enforce attribute-based access control (ABAC) without any workflow-level configuration changes.
Expected Outcome
Teams can expect to eliminate hard-coded allow lists and manual policy exceptions. Replacing them with version controlled repository attributes that automatically propagate into cloud IAM trust policies at scale. Organizations will achieve least-privilege access across hundreds or thousands of repositories with a one-time policy investment, reducing operational burden and improving auditability across every workflow run.