
invalid_request when calling API

I am attempting to call the API from AWS Lambda to perform a workload identity federation and am getting the error:

{"error":"invalid_request","error_description":"The size of mapped attribute google.subject exceeds the 127 bytes limit. Either modify your attribute mapping or the incoming assertion to produce a mapped attribute that is less than 127 bytes."}


{
  "subjectToken": "[EncodedSigv4token]",
  "audience": "//[projectID]/locations/global/workloadIdentityPools/awspool/providers/alpha",
  "grantType": "urn:ietf:params:oauth:grant-type:token-exchange",
  "requestedTokenType": "urn:ietf:params:oauth:token-type:access_token",
  "scope": "",
  "subjectTokenType": "urn:ietf:params:aws:token-type:aws4_request"
}

I am not able to figure out what this error means and how to resolve this. I am following to make the STS API call.


  • The error I was facing was because the IAM Role ARN was too long in my case. Fixed the issue by giving a shorter name to the assumed role. After that I was able to use Google workload identity federation successfully.
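
A preflight check for the condition described in the answer above, as an added example that is not part of the original thread. It assumes the provider maps google.subject to the caller's full STS assumed-role ARN (the thread does not show the attribute mapping); the function name `check_subject` and the sample ARNs are constructed for illustration.

```python
import re

SUBJECT_LIMIT = 127  # byte limit quoted in the error message above

# Shape of an STS assumed-role ARN:
#   arn:<partition>:sts::<account>:assumed-role/<role-name>/<session-name>
_ASSUMED_ROLE = re.compile(
    r"^arn:[^:]+:sts::\d{12}:assumed-role/(?P<role>[^/]+)/(?P<session>[^/]+)$"
)


def check_subject(arn, limit=SUBJECT_LIMIT):
    """Report whether `arn`, used verbatim as google.subject, fits the limit.

    Assumption: the attribute mapping passes the ARN through unchanged.
    """
    size = len(arn.encode("utf-8"))  # the limit is in bytes, not characters
    report = {
        "bytes": size,
        "ok": size <= limit,
        "overflow": max(0, size - limit),  # bytes that must be trimmed
        "role": None,
        "session": None,
        "name_budget": None,
    }
    m = _ASSUMED_ROLE.match(arn)
    if m:
        role, session = m.group("role"), m.group("session")
        variable = len(role.encode("utf-8")) + len(session.encode("utf-8"))
        # Everything except the two names (prefix, account id, separators)
        # is fixed, so this is the byte budget role + session must share.
        report.update(role=role, session=session,
                      name_budget=limit - (size - variable))
    return report


if __name__ == "__main__":
    # Constructed sample ARNs; the account id is a placeholder.
    # In Lambda the session name is typically the function name, so a long
    # role name plus a long function name adds up quickly.
    samples = [
        "arn:aws:sts::123456789012:assumed-role/" + "r" * 50 + "/" + "s" * 40,
        "arn:aws:sts::123456789012:assumed-role/short-role/fn",
    ]
    for arn in samples:
        r = check_subject(arn)
        verdict = "fits" if r["ok"] else "too long by %d bytes" % r["overflow"]
        print("%3d bytes, %s (role+session budget: %s)"
              % (r["bytes"], verdict, r["name_budget"]))
```

Running this against the ARN returned by `sts:GetCallerIdentity` inside the function, before attempting the token exchange, shows how many bytes the role and session names have to lose.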