From 48d1bdab87276193b355d25d998a28214d0258ea Mon Sep 17 00:00:00 2001
From: Security Sauce <prbinu@users.noreply.github.com>
Date: Thu, 16 Jan 2020 11:43:11 -0800
Subject: [PATCH 1/2] Allow admins to specify OIDC client ID

---
 vault/identity_store_oidc.go | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/vault/identity_store_oidc.go b/vault/identity_store_oidc.go
index 7f0a6e44869f..f30284ce8633 100644
--- a/vault/identity_store_oidc.go
+++ b/vault/identity_store_oidc.go
@@ -251,6 +251,10 @@ func oidcPaths(i *IdentityStore) []*framework.Path {
 					Description: "TTL of the tokens generated against the role.",
 					Default:     "24h",
 				},
+				"client_id": {
+					Type:        framework.TypeString,
+					Description: "Optional client_id",
+				},
 			},
 			Callbacks: map[logical.Operation]framework.OperationFunc{
 				logical.UpdateOperation: i.pathOIDCCreateUpdateRole,
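Review bot: The description `"Optional client_id"` on the new field does not tell an operator what the value is used for or what happens when it is left out. From the handler hunk later in this patch, an unset value falls through to a generated `base62.Random(26)` ID, so the help text could say so: `Description: "Optional client ID for the role. A random ID is generated if unset.",`. If the value is meant to be unique per role, the description should state that too. oidcPaths starts and ends outside this hunk.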
@@ -931,6 +935,10 @@ func (i *IdentityStore) pathOIDCCreateUpdateRole(ctx context.Context, req *logic
 		role.TokenTTL = time.Duration(d.Get("ttl").(int)) * time.Second
 	}
 
+	if clientID, ok := d.GetOk("client_id"); ok {
+		role.ClientID = clientID.(string)
+	}
+
 	// create role path
 	if role.ClientID == "" {
 		clientID, err := base62.Random(26)
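Review bot: The value read from `client_id` is assigned to `role.ClientID` without any validation, so nothing visible here stops two roles from sharing one ID, or an ID from being arbitrarily long or containing whitespace. If the client ID is what ends up as the audience of tokens issued for the role (that code is outside the hunk, so this is inferred), a duplicate would make tokens from different roles indistinguishable to a relying party that checks only the audience. Consider bounding the format and rejecting a value already used by another role before the assignment, returning `logical.ErrorResponse(...)` on failure. Separately, if `GetOk` reports an explicitly empty string as set, an update carrying `client_id=""` would clear the stored ID and the block below would replace it with a new random one; that is worth confirming and documenting. pathOIDCCreateUpdateRole continues outside the hunk.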

From 050a74d8f9bef1e72843205133ce81cdfdb64dca Mon Sep 17 00:00:00 2001
From: Jim Kalafut <jkalafut@hashicorp.com>
Date: Thu, 13 Feb 2020 23:14:16 -0800
Subject: [PATCH 2/2] Add test

---
 vault/identity_store_oidc_test.go | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/vault/identity_store_oidc_test.go b/vault/identity_store_oidc_test.go
index 4d214c7269c8..d8c8cbff2f5f 100644
--- a/vault/identity_store_oidc_test.go
+++ b/vault/identity_store_oidc_test.go
@@ -65,8 +65,9 @@ func TestOIDC_Path_OIDCRoleRole(t *testing.T) {
 		Path:      "oidc/role/test-role1",
 		Operation: logical.UpdateOperation,
 		Data: map[string]interface{}{
-			"template": "{\"some-key\":\"some-value\"}",
-			"ttl":      "2h",
+			"template":  "{\"some-key\":\"some-value\"}",
+			"ttl":       "2h",
+			"client_id": "my_custom_id",
 		},
 		Storage: storage,
 	})
@@ -83,7 +84,7 @@ func TestOIDC_Path_OIDCRoleRole(t *testing.T) {
 		"key":       "test-key",
 		"ttl":       int64(7200),
 		"template":  "{\"some-key\":\"some-value\"}",
-		"client_id": resp.Data["client_id"],
+		"client_id": "my_custom_id",
 	}
 	if diff := deep.Equal(expected, resp.Data); diff != nil {
 		t.Fatal(diff)
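Review bot: With the expected `client_id` now pinned to `"my_custom_id"`, this test no longer exercises the branch where no ID is supplied and one is generated, at least in the lines visible here. A second role created without `client_id`, asserting that `resp.Data["client_id"]` is a non-empty string, would keep that branch covered. A case that updates an existing role without the field and checks that the stored ID is retained would also pin the `GetOk` behaviour. TestOIDC_Path_OIDCRoleRole starts and ends outside the hunk.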