I'm using Azure AD as my IdP. AWS OIDC authentication succeeds if I have only "aud" and "sub" checks in my role trust relationship, but if I add "app_id" the AWS OIDC authentication fails. I followed the AWS documentation page (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_oidc.html).
Please look at the video recording for further details (https://balupublicclouds.blob.core.windows.net/aws-oidc-auth/AWS-OIDC-auth-appId-trustrelation-failure.mp4)
Please find the complete AWS CloudFormation template used here (https://github.com/aws-cloudformation/cloudformation-cli/files/13302123/OIDCauth-V1-outlook-tenant.txt).
Please let me know if I missed anything.
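Added example (not part of the report above, and not from the linked template): a small offline check that decodes the claims of an OIDC ID token and evaluates a trust policy's `StringEquals` block against them the way IAM does, reporting which condition keys match, which mismatch, and which have no claim in the token at all. The tenant id, client id, subject and token are made-up placeholders; the script does not verify signatures and says nothing about what a real Azure AD token contains, it only shows how to see which keys a given token can satisfy before putting them in a trust relationship.

```python
"""Evaluate a role trust policy's StringEquals conditions against the claims in
an OIDC ID token. Added example; all identifiers below are placeholders."""
import base64
import json

# Constructed sample (placeholders, not a real tenant or token).
TENANT_ID = "00000000-0000-0000-0000-000000000000"
# IAM names the provider by its issuer URL without "https://"; condition keys
# are "<provider>:<claim>", e.g. "login.microsoftonline.com/<tenant>/v2.0:aud".
PROVIDER = f"login.microsoftonline.com/{TENANT_ID}/v2.0"
SAMPLE_CLAIMS = {
    "iss": f"https://{PROVIDER}",
    "aud": "11111111-1111-1111-1111-111111111111",  # app (client) id, placeholder
    "sub": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",  # placeholder subject
    "exp": 1700000000,
}

# Trust policy with aud + sub conditions (shape of a federated OIDC trust;
# account id is the AWS docs placeholder 111122223333).
TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": f"arn:aws:iam::111122223333:oidc-provider/{PROVIDER}"},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": {"StringEquals": {
            f"{PROVIDER}:aud": SAMPLE_CLAIMS["aud"],
            f"{PROVIDER}:sub": SAMPLE_CLAIMS["sub"],
        }},
    }],
}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_unsigned_jwt(claims: dict) -> str:
    """Build an unsigned (alg 'none') JWT so the example runs offline."""
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{_b64url(json.dumps(claims).encode())}."


def decode_jwt_payload(token: str) -> dict:
    """Decode the payload segment WITHOUT verifying the signature.
    Good for inspecting which claims a token carries; never use for authz."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))


def request_context(provider: str, claims: dict) -> dict:
    """Map token claims to the condition keys STS exposes for the provider."""
    return {f"{provider}:{name}": value for name, value in claims.items()}


def evaluate_string_equals(conditions: dict, context: dict) -> dict:
    """Mimic IAM StringEquals: every key must be present AND equal.
    A key absent from the request context makes the condition false
    (only the ...IfExists operators treat a missing key as a pass)."""
    result = {"matched": [], "mismatched": [], "missing": []}
    for key, expected in conditions.items():
        if key not in context:
            result["missing"].append(key)
        elif str(context[key]) == str(expected):
            result["matched"].append(key)
        else:
            result["mismatched"].append(key)
    return result


def check_trust_policy(policy: dict, token: str, provider: str) -> dict:
    """Evaluate the first statement's StringEquals block against the token."""
    conds = policy["Statement"][0].get("Condition", {}).get("StringEquals", {})
    return evaluate_string_equals(conds, request_context(provider, decode_jwt_payload(token)))


if __name__ == "__main__":
    token = make_unsigned_jwt(SAMPLE_CLAIMS)
    print("aud+sub:", check_trust_policy(TRUST_POLICY, token, PROVIDER))
    # Add a condition on a claim the sample token does not carry and re-check.
    extra = json.loads(json.dumps(TRUST_POLICY))
    extra["Statement"][0]["Condition"]["StringEquals"][f"{PROVIDER}:app_id"] = SAMPLE_CLAIMS["aud"]
    print("with extra key:", check_trust_policy(extra, token, PROVIDER))
```

Run it against a real token by replacing `make_unsigned_jwt(SAMPLE_CLAIMS)` with the ID token string your client obtains; any key that lands in `missing` cannot be satisfied by that token under `StringEquals`, whatever its value.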