OIDC Debugger
ActionsVerified
Due to the lack of time we could allocate to this repo, we've decided to archive it.
You can use steve-todorov's version instead.
If you want just the code (reference, thanks again to steve-todorov):
- name: Show OIDC claims (right before assume)
env:
AUDIENCE: "sts.amazonaws.com"
run: |
TOKEN_JSON=$(curl -s -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" "$ACTIONS_ID_TOKEN_REQUEST_URL&audience=$AUDIENCE")
ID_TOKEN=$(echo "$TOKEN_JSON" | jq -r .value)
echo "$ID_TOKEN" | awk -F. '{print $2}' | base64 -d 2>/dev/null | jq -rThis action requests a JWT and prints the claims included within the JWT received from GitHub Actions.
Here's an example of how to use this action:
name: Test Debugger Action
on:
pull_request:
workflow_dispatch:
jobs:
oidc_debug_test:
permissions:
contents: read
id-token: write
runs-on: ubuntu-latest
name: A test of the oidc debugger
steps:
- name: Debug OIDC Claims
uses: github/actions-oidc-debugger@main
with:
audience: '${{ github.server_url }}/${{ github.repository_owner }}'The resulting output in your Actions log will look something like this:
{
"actor": "GrantBirki",
"actor_id": "23362539",
"aud": "https://github.com/github",
"base_ref": "main",
"enterprise": "github",
"enterprise_id": "11468",
"event_name": "pull_request",
"exp": 1751581975,
"head_ref": "release-setup",
"iat": 1751560375,
"iss": "https://token.actions.githubusercontent.com",
"job_workflow_ref": "github/actions-oidc-debugger/.github/workflows/action-test.yml@refs/pull/27/merge",
"job_workflow_sha": "7f93a73b8273af5d35fcd70661704c1cadc57054",
"jti": "4a576b35-ff09-41c5-af2c-ca62dd89b76a",
"nbf": 1751560075,
"ref": "refs/pull/27/merge",
"ref_protected": "false",
"ref_type": "branch",
"repository": "github/actions-oidc-debugger",
"repository_id": "487920697",
"repository_owner": "github",
"repository_owner_id": "9919",
"repository_visibility": "public",
"run_attempt": "1",
"run_id": "16055869479",
"run_number": "33",
"runner_environment": "github-hosted",
"sha": "7f93a73b8273af5d35fcd70661704c1cadc57054",
"sub": "repo:github/actions-oidc-debugger:pull_request",
"workflow": "Test Debugger Action",
"workflow_ref": "github/actions-oidc-debugger/.github/workflows/action-test.yml@refs/pull/27/merge",
"workflow_sha": "7f93a73b8273af5d35fcd70661704c1cadc57054"
}Here is the general flow for developing this Action and releasing a new version:
This assumes you have goenv installed and the version listed in the .go-version file is installed as well.
go mod vendor && go mod tidy && go mod verifyPlease run script/release and publish a new release on GitHub from the resulting tag.
OIDC Debugger is not certified by GitHub. It is provided by a third-party and is governed by separate terms of service, privacy policy, and support documentation.
Verified
OIDC Debugger is not certified by GitHub. It is provided by a third-party and is governed by separate terms of service, privacy policy, and support documentation.