
Merge pull request #893 from actions/users/tihuang/oidcupdate

react to OIDC service change.
pull/919/head
Tingluo Huang 2021-08-26 09:27:16 -07:00 committed by GitHub
commit 5c3e1c231d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 22048 additions and 51 deletions

22059
package-lock.json generated



@ -4,11 +4,6 @@ import {IRequestOptions} from '@actions/http-client/interfaces'
import {HttpClient} from '@actions/http-client' import {HttpClient} from '@actions/http-client'
import {BearerCredentialHandler} from '@actions/http-client/auth' import {BearerCredentialHandler} from '@actions/http-client/auth'
import {debug, setSecret} from './core' import {debug, setSecret} from './core'
interface TokenRequest {
aud?: string
}
interface TokenResponse { interface TokenResponse {
value?: string value?: string
} }
@ -25,19 +20,17 @@ export class OidcClient {
return new HttpClient( return new HttpClient(
'actions/oidc-client', 'actions/oidc-client',
[new BearerCredentialHandler(OidcClient.getRuntimeToken())], [new BearerCredentialHandler(OidcClient.getRequestToken())],
requestOptions requestOptions
) )
} }
private static getApiVersion(): string { private static getRequestToken(): string {
return '2.0' const token = process.env['ACTIONS_ID_TOKEN_REQUEST_TOKEN']
}
private static getRuntimeToken(): string {
const token = process.env['ACTIONS_RUNTIME_TOKEN']
if (!token) { if (!token) {
throw new Error('Unable to get ACTIONS_RUNTIME_TOKEN env variable') throw new Error(
'Unable to get ACTIONS_ID_TOKEN_REQUEST_TOKEN env variable'
)
} }
return token return token
} }
@ -47,17 +40,14 @@ export class OidcClient {
if (!runtimeUrl) { if (!runtimeUrl) {
throw new Error('Unable to get ACTIONS_ID_TOKEN_REQUEST_URL env variable') throw new Error('Unable to get ACTIONS_ID_TOKEN_REQUEST_URL env variable')
} }
return `${runtimeUrl}?api-version=${OidcClient.getApiVersion()}` return runtimeUrl
} }
private static async postCall( private static async getCall(id_token_url: string): Promise<string> {
id_token_url: string,
data: TokenRequest
): Promise<string> {
const httpclient = OidcClient.createHttpClient() const httpclient = OidcClient.createHttpClient()
const res = await httpclient const res = await httpclient
.postJson<TokenResponse>(id_token_url, data) .getJson<TokenResponse>(id_token_url)
.catch(error => { .catch(error => {
throw new Error( throw new Error(
`Failed to get ID Token. \n `Failed to get ID Token. \n
@ -76,15 +66,15 @@ export class OidcClient {
static async getIDToken(audience?: string): Promise<string> { static async getIDToken(audience?: string): Promise<string> {
try { try {
// New ID Token is requested from action service // New ID Token is requested from action service
const id_token_url: string = OidcClient.getIDTokenUrl() let id_token_url: string = OidcClient.getIDTokenUrl()
if (audience) {
const encodedAudience = encodeURIComponent(audience)
id_token_url = `${id_token_url}&audience=${encodedAudience}`
}
debug(`ID token url is ${id_token_url}`) debug(`ID token url is ${id_token_url}`)
const data: TokenRequest = {aud: audience} const id_token = await OidcClient.getCall(id_token_url)
debug(`audience is ${audience ? audience : 'not defined'}`)
const id_token = await OidcClient.postCall(id_token_url, data)
setSecret(id_token) setSecret(id_token)
return id_token return id_token
} catch (error) { } catch (error) {
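Review bot: In getIDToken the audience is appended with a literal `&audience=`, which is only well-formed if ACTIONS_ID_TOKEN_REQUEST_URL already carries a query string, and this same commit drops the `?api-version=` suffix that getIDTokenUrl used to add. If the runner ever supplies a URL without a `?`, the parameter lands in the path, and the request would presumably either fail obscurely or come back with a default-audience token. Because the audience is what binds the ID token to one relying party, the URL is better built structurally: `const url = new URL(id_token_url)`, `url.searchParams.set('audience', audience)`, `id_token_url = url.toString()`. A short comment on getIDTokenUrl stating that the service-provided URL is expected to include its own query string would also document the assumption. The try/catch of getIDToken continues past the end of this hunk.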