Restrict AWS OIDC when ssh-rerun is True

I have tried to add a policy on AWS to restrict tokens with True without luck.

When I go to {org_id}/.well-known/openid-configuration
I see:

  "request_uri_parameter_supported": false,
  "claims_supported": [
  "subject_types_supported": [
  "scopes_supported": [
  "issuer": "{org_id}}",
  "response_types_supported": [
  "id_token_signing_alg_values_supported": [
  "jwks_uri": "{org_id}}/.well-known/jwks-pub.json",
  "service_documentation": ""

Is it missing inside claims_supported?

I have run inside a CircleCI SSH job echo $CIRCLE_OIDC_TOKEN_V2:

  "aud": "...",
  "exp": ...,
  "iat": ...,
  "iss": "{org_id}",
  "": [],
  "": "{project_id}",
  "": true,
  "": "{vcs_name}/{org_name}/{repo_name}",
  "": "refs/heads/{branch_name}",
  "sub": "org/{org_id}/project/{project_id}/user/{user_id}/vcs-origin/{vcs_name}/org_name/{repo_name}/vcs-ref/refs/heads/{branch_name}"

So is there. Same with echo $CIRCLE_OIDC_TOKEN.

Any suggestion?

Organization admins can request the debugging with SSH feature to be disabled on an organization and/or project level.

If you are on a plan that includes ticket-based support, please open a ticket and we can help you with disabling this feature.

Let us know if you have any follow-up questions. Cheers!