Skip to content

dump openssl version #16

dump openssl version

dump openssl version #16

Workflow file for this run

name: oidc-test
on:
push:
branches: [main]
permissions:
id-token: write # This is required for requesting the JWT
contents: read # This is required for actions/checkout
jobs:
fetch-jwks-ubuntu:
runs-on: ubuntu-latest
steps:
- name: fetch jwks
run: |
set -x
curl -L https://token.actions.githubusercontent.com/.well-known/openid-configuration
curl -L https://token.actions.githubusercontent.com/.well-known/jwks.json
fetch-jwks-macos:
runs-on: macos-latest
steps:
- name: fetch jwks
run: |
set -x
curl -L https://token.actions.githubusercontent.com/.well-known/openid-configuration
curl -L https://token.actions.githubusercontent.com/.well-known/jwks.json
oidc-test:
runs-on: ubuntu-latest
env:
CURLOPT_SSL_CIPHER_LIST: AES256+EECDH:AES256+EDH
CURLOPT_VERBOSE: 1
steps:
- name: dump curl options
run: |
env | sort -u
openssl version
- name: fetch openidc-configuration
run: curl --trace-ascii /tmp/curl.log --trace-time -L https://token.actions.githubusercontent.com/.well-known/openid-configuration
- name: fetch jwks
run: |
curl --trace-ascii /tmp/curl.log --trace-time -L https://token.actions.githubusercontent.com/.well-known/jwks.json
- name: fetch openidc-configuration again
run: curl --trace-ascii /tmp/curl.log --trace-time -L https://token.actions.githubusercontent.com/.well-known/openid-configuration
- name: Install OIDC Client from Core Package
run: npm install @actions/core@1.6.0 @actions/http-client jwks-rsa jsonwebtoken
- name: Get Id Token
uses: actions/github-script@v6
id: idtoken
with:
script: |
const coredemo = require('@actions/core');
let githubJwt = await coredemo.getIDToken();
console.log("Here we have an ID token `id_token` - we can send this to our backend")
const jwksClient = require('jwks-rsa'); // from auth0
const jwt = require('jsonwebtoken');
const githubActionsOpenIdConfigurationUri = 'https://token.actions.githubusercontent.com/.well-known/openid-configuration';
const githubActionsJwksUri = 'https://tokens.actions.githubusercontent.com/.well-known/jwks.json';
console.log("Decoded GitHub Actions JWT", jwt.decode(githubJwt));
console.log("Attempting to verify token using key from GitHub Actions jwks.json");
var client = jwksClient({ jwksUri: githubActionsJwksUri });
const getGithubActionsJwks = (header, callback) => {
client.getSigningKey(header.kid, (err, key) => {
if (err) console.error('signing key fetch error', err);
var signingKey = key.publicKey || key.rsaPublicKey;
callback(null, signingKey);
});
}
jwt.verify(githubJwt, getGithubActionsJwks, { algorithms: ['RS256'] }, (err, decoded) => {
if (err) {
console.error('JWT verification failed:', err.message);
} else {
console.log('JWT verified successfully');
console.log('Decoded payload:', decoded);
}
});
- name: dump curl logs
if: always()
run:
cat /tmp/curl.log