actions
/
toolkit
mirror of https://github.com/actions/toolkit
1
0
Fork 0
Code

react to service changes.

pull/893/head
TingluoHuang 2021-08-25 16:47:39 -04:00
parent 3da67ac4cb
commit d7dd89f52b
1 changed files with 17 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
packages/core/src/oidc-utils.ts
View File

@ -1,13 +1,9 @@
/* eslint-disable @typescript-eslint/no-extraneous-class */ /* eslint-disable @typescript-eslint/no-extraneous-class */
import * as actions_http_client from '@actions/http-client' import * as actions_http_client from '@actions/http-client'
import {IRequestOptions} from '@actions/http-client/interfaces' import { IRequestOptions } from '@actions/http-client/interfaces'
import {HttpClient} from '@actions/http-client' import { HttpClient } from '@actions/http-client'
import {BearerCredentialHandler} from '@actions/http-client/auth' import { BearerCredentialHandler } from '@actions/http-client/auth'
import {debug, setSecret} from './core' import { debug, setSecret } from './core'
interface TokenRequest {
aud?: string
}
interface TokenResponse { interface TokenResponse {
value?: string value?: string
@ -25,19 +21,15 @@ export class OidcClient {
return new HttpClient( return new HttpClient(
'actions/oidc-client', 'actions/oidc-client',
[new BearerCredentialHandler(OidcClient.getRuntimeToken())], [new BearerCredentialHandler(OidcClient.getRequestToken())],
requestOptions requestOptions
) )
} }
private static getApiVersion(): string { private static getRequestToken(): string {
return '2.0' const token = process.env['ACTIONS_ID_TOKEN_REQUEST_TOKEN']
}
private static getRuntimeToken(): string {
const token = process.env['ACTIONS_RUNTIME_TOKEN']
if (!token) { if (!token) {
throw new Error('Unable to get ACTIONS_RUNTIME_TOKEN env variable') throw new Error('Unable to get ACTIONS_ID_TOKEN_REQUEST_TOKEN env variable')
} }
return token return token
} }
@ -47,17 +39,16 @@ export class OidcClient {
if (!runtimeUrl) { if (!runtimeUrl) {
throw new Error('Unable to get ACTIONS_ID_TOKEN_REQUEST_URL env variable') throw new Error('Unable to get ACTIONS_ID_TOKEN_REQUEST_URL env variable')
} }
return `${runtimeUrl}?api-version=${OidcClient.getApiVersion()}` return runtimeUrl
} }
private static async postCall( private static async getCall(
id_token_url: string, id_token_url: string
data: TokenRequest
): Promise<string> { ): Promise<string> {
const httpclient = OidcClient.createHttpClient() const httpclient = OidcClient.createHttpClient()
const res = await httpclient const res = await httpclient
.postJson<TokenResponse>(id_token_url, data) .getJson<TokenResponse>(id_token_url)
.catch(error => { .catch(error => {
throw new Error( throw new Error(
`Failed to get ID Token. \n `Failed to get ID Token. \n
@ -76,15 +67,14 @@ export class OidcClient {
static async getIDToken(audience?: string): Promise<string> { static async getIDToken(audience?: string): Promise<string> {
try { try {
// New ID Token is requested from action service // New ID Token is requested from action service
const id_token_url: string = OidcClient.getIDTokenUrl() let id_token_url: string = OidcClient.getIDTokenUrl()
if (audience) {
id_token_url = `${id_token_url}&audience=${audience}`
}
debug(`ID token url is ${id_token_url}`) debug(`ID token url is ${id_token_url}`)
const data: TokenRequest = {aud: audience} const id_token = await OidcClient.getCall(id_token_url)
debug(`audience is ${audience ? audience : 'not defined'}`)
const id_token = await OidcClient.postCall(id_token_url, data)
setSecret(id_token) setSecret(id_token)
return id_token return id_token
} catch (error) { } catch (error) {