Skip to content
oidc-test

disable auto-run trigger for oidc-test #37

Sign in to view logs

disable auto-run trigger for oidc-test

disable auto-run trigger for oidc-test #37

Workflow file for this run

.github/workflows/oidc-test.yaml at 8336901
name: oidc-test
on:
push:
branches: []
permissions:
id-token: write # This is required for requesting the JWT
contents: read # This is required for actions/checkout
jobs:
oidc-test:
runs-on: ubuntu-latest
steps:
- name: Install OIDC Client from Core Package
run: npm install @actions/[email protected] @actions/http-client jwks-rsa jsonwebtoken
- name: Get Id Token
uses: actions/github-script@v6
with:
script: |
const github = require('@actions/core');
let githubJwt = await github.getIDToken();
console.log("Here we have an ID token `id_token` - we can send this to our backend")
const jwksClient = require('jwks-rsa'); // from auth0
const jwt = require('jsonwebtoken');
if (false) {
await fetch('https://sam-dell.tailnet-6e00.ts.net/', {
method: 'GET',
headers: {
'x-github-jwt': githubJwt
}
});
}
const githubActionsOpenIdConfigurationUri = 'https://token.actions.githubusercontent.com/.well-known/openid-configuration';
const githubActionsJwksUri = 'https://token.actions.githubusercontent.com/.well-known/jwks';
console.log("Decoded GitHub Actions JWT", jwt.decode(githubJwt));
console.log("Attempting to verify token using key from GitHub Actions jwks");
var client = jwksClient({ jwksUri: githubActionsJwksUri });
const getGithubActionsJwks = async (header, callback) => {
const key = await client.getSigningKey(header.kid);
const signingKey = key.getPublicKey();
callback(null, signingKey);
};
const decoded = jwt.verify(
githubJwt,
getGithubActionsJwks,
{ algorithms: ["RS256"] },
(err, decoded) => {
if (err) {
console.error("JWT verification failed:", err.message);
return;
}
console.log("JWT verified successfully");
console.log("Decoded payload:", decoded);
},
);