Created
March 11, 2023 22:31
// Example based on the actions/core documentation
const core = require('@actions/core'); | |
const { decode } = require('jsonwebtoken'); | |
const { axiosClient } = require('./axioshelp'); | |
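// Entry point: run the action and surface any failure to the workflow.
getIDTokenAction().catch((error) => {
  // Only logging here would leave the step green even though no token was
  // obtained; core.setFailed marks the step as failed.
  // Only the message is reported, not the whole error object: if the HTTP
  // helper rejects with an axios-style error, that object presumably carries
  // the request body, which includes the OIDC client assertion.
  core.setFailed(`getIDTokenAction failed: ${error?.message ?? error}`);
});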
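/**
 * Requests a GitHub Actions OIDC ID token and presents it as a JWT client
 * assertion to the Azure AD v2.0 token endpoint (client-credentials grant)
 * to obtain a token for the Microsoft Graph `.default` scope.
 *
 * Input:  `audience` (optional; defaults to "api://AzureADTokenExchange").
 * Output: `id_token`, the raw GitHub OIDC token.
 *
 * Both the ID token and the Azure AD access token are bearer credentials, so
 * only non-secret parts of them are written to the job log.
 *
 * @returns {Promise<void>}
 * @throws {Error} if no ID token is issued or the token exchange fails.
 */
async function getIDTokenAction() {
  const audience =
    core.getInput('audience', { required: false }) || 'api://AzureADTokenExchange';
  console.log('audience', audience);

  // Let a failure propagate: continuing with an undefined token would only
  // send an empty client assertion to Azure AD.
  const idToken = await core.getIDToken(audience);
  if (!idToken) {
    throw new Error('GitHub did not return an OIDC ID token');
  }

  // Register the token with the runner's log masking explicitly (harmless if
  // the toolkit has already done so).
  core.setSecret(idToken);

  // NOTE(review): exposing the raw token as a step output hands a live
  // credential to every later step in the job; kept because the sandbox
  // workflow reads it.
  core.setOutput('id_token', idToken);

  // decode() does NOT verify the signature, so these claims are for
  // inspection only. The signature is left out of the log: header, payload
  // and signature together are enough to reassemble the token, and the
  // decoded form is not covered by log masking.
  const decoded = decode(idToken, { complete: true });
  console.log({ header: decoded?.header, payload: decoded?.payload });

  const tokenRequest = {
    url: 'https://login.microsoftonline.com/<TENANT_ID_HERE>/oauth2/v2.0/token',
    json: true,
    data: {
      grant_type: 'client_credentials',
      client_assertion_type: 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer',
      client_id: '<CLIENT_ID_HERE>',
      client_assertion: idToken,
      scope: 'https://graph.microsoft.com/.default',
    },
  };

  // NOTE(review): the meaning of the second argument is defined in
  // ./axioshelp, which is not shown here. Confirm it sends the body
  // form-encoded, as the token endpoint expects.
  let response;
  try {
    response = await axiosClient(tokenRequest, true);
  } catch (error) {
    // Log the error body returned by the token endpoint, then fail. The
    // original swallowed the error here and crashed while destructuring
    // `undefined`.
    console.log(error?.response?.data);
    throw new Error('Azure AD token exchange failed', { cause: error });
  }

  const data = response?.data;
  if (data === null || typeof data !== 'object') {
    throw new Error('Azure AD token endpoint returned no JSON body');
  }

  // Mask the access token and log only the remaining response fields.
  const { access_token: accessToken, ...rest } = data;
  if (typeof accessToken === 'string' && accessToken !== '') {
    core.setSecret(accessToken);
  }
  console.log('aad response', {
    ...rest,
    access_token: accessToken ? '<redacted>' : undefined,
  });
}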
Running in a GitHub Action:
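# Sandbox workflow: requests a GitHub OIDC ID token and prints it for inspection.
name: github jwt testing sandbox

on:
  workflow_dispatch: # Allow manual triggering of the workflow

# Workflow-level permissions apply to every job. With id-token: write, any
# step (including third-party actions and installed npm packages) can request
# an OIDC token for this repository.
permissions:
  id-token: write # This is required for requesting the JWT
  contents: read # This is required for actions/checkout

jobs:
  get-jwt:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): actions are referenced by mutable tags; pinning to a full
      # commit SHA (<COMMIT_SHA_PLACEHOLDER>) keeps the code that runs with
      # id-token: write fixed.
      - name: Checkout repository
        uses: actions/checkout@v2

      - uses: actions/setup-node@v3
        with:
          node-version: 16

      # NOTE(review): only @actions/core is version-pinned. The other packages
      # resolve to whatever is latest at run time and execute in a job that can
      # mint OIDC tokens. A committed lockfile with `npm ci` makes this
      # reproducible.
      - name: Install OIDC Client from Core Package
        run: npm install @actions/core@1.6.0 @actions/http-client axios jsonwebtoken

      - name: Run script
        id: idtoken
        run: node .github/scripts/token.js

      # The token is passed through an environment variable and quoted, so the
      # expression is not spliced into the shell script text.
      #
      # The sed line inserts '+' between characters so the runner's secret
      # masking no longer matches, which leaves the full token readable in the
      # job log. Anyone with read access to the log can reassemble it, and it
      # remains a valid credential for any relying party that trusts this
      # repository's OIDC subject until it expires. Keep this step only in a
      # throwaway sandbox whose federated credential grants no real access.
      - name: Print JWT
        env:
          ID_TOKEN: ${{ steps.idtoken.outputs.id_token }}
        run: |
          echo "$ID_TOKEN"
          sed 's/./&+/g; s/+$//' <<< "$ID_TOKEN"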
the helper function
axioshelp