2021-07-01 02:41:28 +00:00
|
|
|
import * as core from '@actions/core'
|
2021-07-20 03:28:34 +00:00
|
|
|
import * as actions_http_client from '@actions/http-client'
|
2021-07-01 02:41:28 +00:00
|
|
|
import {
|
|
|
|
|
createHttpClient,
|
2021-07-20 03:28:34 +00:00
|
|
|
isSuccessStatusCode,
|
|
|
|
|
getApiVersion
|
2021-07-01 02:41:28 +00:00
|
|
|
} from './internal/utils'
|
2021-07-20 10:26:28 +00:00
|
|
|
import jwt_decode from 'jwt-decode'
|
2021-07-20 03:28:34 +00:00
|
|
|
import {getIDTokenFromEnv, getIDTokenUrl} from './internal/config-variables'
|
2021-07-01 02:41:28 +00:00
|
|
|
|
|
|
|
|
export async function getIDToken(audience: string): Promise<string> {
|
|
|
|
|
try {
|
|
|
|
|
//Check if id token is stored in environment variable
|
|
|
|
|
|
2021-07-20 03:28:34 +00:00
|
|
|
let id_token: string = getIDTokenFromEnv()
|
|
|
|
|
if (id_token !== undefined) {
|
2021-07-01 02:41:28 +00:00
|
|
|
const secondsSinceEpoch = Math.round(Date.now() / 1000)
|
2021-07-20 10:26:28 +00:00
|
|
|
const id_token_json: any = jwt_decode(id_token)
|
2021-07-26 10:17:48 +00:00
|
|
|
if ('exp' in id_token_json) {
|
2021-07-20 10:26:28 +00:00
|
|
|
if (id_token_json['exp'] - secondsSinceEpoch > 300) {
|
|
|
|
|
// Expiry time is more than 5 mins
|
|
|
|
|
return id_token
|
|
|
|
|
}
|
2021-07-26 10:17:48 +00:00
|
|
|
} else {
|
2021-07-20 10:26:28 +00:00
|
|
|
throw new Error('Expiry time not defined in ID Token')
|
|
|
|
|
}
|
2021-07-01 02:41:28 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// New ID Token is requested from action service
|
|
|
|
|
|
2021-07-20 03:28:34 +00:00
|
|
|
let id_token_url: string = getIDTokenUrl()
|
|
|
|
|
|
|
|
|
|
if (id_token_url === undefined) {
|
2021-07-01 02:41:28 +00:00
|
|
|
throw new Error(`ID Token URL not found`)
|
|
|
|
|
}
|
2021-07-20 03:28:34 +00:00
|
|
|
id_token_url = id_token_url + '?api-version=' + getApiVersion()
|
|
|
|
|
core.debug(`ID token url is ${id_token_url}`)
|
2021-07-01 02:41:28 +00:00
|
|
|
|
|
|
|
|
const httpclient = createHttpClient()
|
2021-07-20 03:28:34 +00:00
|
|
|
if (httpclient === undefined) {
|
2021-07-01 02:41:28 +00:00
|
|
|
throw new Error(`Failed to get Httpclient `)
|
|
|
|
|
}
|
|
|
|
|
core.debug(`Httpclient created ${httpclient} `) // debug is only output if you set the secret `ACTIONS_RUNNER_DEBUG` to true
|
|
|
|
|
|
2021-07-20 03:28:34 +00:00
|
|
|
const additionalHeaders = {
|
|
|
|
|
[actions_http_client.Headers.ContentType]:
|
|
|
|
|
actions_http_client.MediaTypes.ApplicationJson
|
|
|
|
|
}
|
2021-07-01 02:41:28 +00:00
|
|
|
|
2021-07-20 03:28:34 +00:00
|
|
|
const data: string = JSON.stringify({aud: audience})
|
|
|
|
|
const response = await httpclient.post(
|
|
|
|
|
id_token_url,
|
|
|
|
|
data,
|
|
|
|
|
additionalHeaders
|
|
|
|
|
)
|
2021-07-01 02:41:28 +00:00
|
|
|
|
2021-07-20 03:28:34 +00:00
|
|
|
if (!isSuccessStatusCode(response.message.statusCode)) {
|
2021-07-01 02:41:28 +00:00
|
|
|
throw new Error(
|
|
|
|
|
`Failed to get ID Token. Error message :${response.message.statusMessage} `
|
|
|
|
|
)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const body: string = await response.readBody()
|
|
|
|
|
const val = JSON.parse(body)
|
2021-07-12 03:07:14 +00:00
|
|
|
id_token = val['value']
|
2021-07-01 02:41:28 +00:00
|
|
|
|
2021-07-20 03:28:34 +00:00
|
|
|
if (id_token === undefined) {
|
2021-07-01 02:41:28 +00:00
|
|
|
throw new Error(`Not able to fetch the ID token`)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Save ID Token in Env Variable
|
|
|
|
|
core.exportVariable('OIDC_TOKEN_ID', id_token)
|
|
|
|
|
|
|
|
|
|
return id_token
|
|
|
|
|
} catch (error) {
|
|
|
|
|
core.setFailed(error.message)
|
|
|
|
|
return error.message
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2021-07-20 03:28:34 +00:00
|
|
|
//module.exports.getIDToken = getIDToken
|
|
|
|
|
|
2021-07-20 10:26:28 +00:00
|
|
|
//getIDToken('ghactions')
|
