Update main.js

Update main.ts
Update README.md
2026-03-13 18:17:09 -04:00 · 2022-01-19 22:54:56 +05:30 · 2022-01-19 22:54:29 +05:30 · 2021-12-13 23:18:32 +05:30 · 2021-12-07 00:22:23 +05:30
3 changed files with 36 additions and 16 deletions
--- a/README.md
+++ b/README.md
@@ -226,13 +226,15 @@ Follow the steps to configure Azure Service Principal with a secret:
 You can add federated credentials in the Azure portal or with the Microsoft Graph REST API.

 #### Azure portal
-1. Go to **Certificates and secrets**.  In the **Federated credentials** tab, select **Add credential**.  
-1. The **Add a credential** blade opens.
-1. In the **Federated credential scenario** box select **GitHub actions deploying Azure resources**.
-1. Specify the **Organization** and **Repository** for your GitHub Actions workflow which needs to access the Azure resources scoped by this App (Service Principal) 
-1. For **Entity type**, select **Environment**, **Branch**, **Pull request**, or **Tag** and specify the value, based on how you have configured the trigger for your GitHub workflow. For a more detailed overview, see [GitHub OIDC guidance]( https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#defining-[…]dc-claims). 
-1. Add a **Name** for the federated credential.
-1. Click **Add** to configure the federated credential.
+1. [Register an application](https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app) in Azure Portal
+2. Within the registered application, Go to **Certificates & secrets**.  
+3. In the **Federated credentials** tab, select **Add credential**.  
+4. The **Add a credential** blade opens.
+5. In the **Federated credential scenario** box select **GitHub actions deploying Azure resources**.
+6. Specify the **Organization** and **Repository** for your GitHub Actions workflow which needs to access the Azure resources scoped by this App (Service Principal) 
+7. For **Entity type**, select **Environment**, **Branch**, **Pull request**, or **Tag** and specify the value, based on how you have configured the trigger for your GitHub workflow. For a more detailed overview, see [GitHub OIDC guidance]( https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#defining-[…]dc-claims). 
+8. Add a **Name** for the federated credential.
+9. Click **Add** to configure the federated credential.

 For a more detailed overview, see more guidance around [Azure Federated Credentials](https://docs.microsoft.com/en-us/azure/active-directory/develop/workload-identity-federation-create-trust-github). 

--- a/lib/main.js
+++ b/lib/main.js
@@ -1,14 +1,14 @@
 "use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function (o, m, k, k2) {
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
    if (k2 === undefined) k2 = k;
-    Object.defineProperty(o, k2, { enumerable: true, get: function () { return m[k]; } });
-}) : (function (o, m, k, k2) {
+    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
+}) : (function(o, m, k, k2) {
    if (k2 === undefined) k2 = k;
    o[k2] = m[k];
 }));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function (o, v) {
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function (o, v) {
+}) : function(o, v) {
    o["default"] = v;
 });
 var __importStar = (this && this.__importStar) || function (mod) {
@@ -140,6 +140,8 @@ function main() {
                if (!!federatedToken) {
                    if (environment != "azurecloud")
                        throw new Error(`Your current environment - "${environment}" is not supported for OIDC login.`);
+                    let [issuer, subjectClaim] = yield jwtParser(federatedToken);
+                    console.log("Federated token details: \n issuer - " + issuer + " \n subject claim - " + subjectClaim);
                }
                else {
                    throw new Error("Could not get ID token for authentication.");
@@ -211,10 +213,10 @@ function main() {
        }
        catch (error) {
            if (!isAzCLISuccess) {
-                core.setFailed("Az CLI Login failed. Please check the credentials. For more information refer https://aka.ms/create-secrets-for-GitHub-workflows");
+                core.setFailed("Az CLI Login failed. Please check the credentials and make sure az is installed on the runner. For more information refer https://aka.ms/create-secrets-for-GitHub-workflows");
            }
            else {
-                core.setFailed(`Azure PowerShell Login failed. Please check the credentials. For more information refer https://aka.ms/create-secrets-for-GitHub-workflows"`);
+                core.setFailed(`Azure PowerShell Login failed. Please check the credentials and make sure az is installed on the runner. For more information refer https://aka.ms/create-secrets-for-GitHub-workflows"`);
            }
        }
        finally {
@@ -230,4 +232,12 @@ function executeAzCliCommand(command, silent, execOptions = {}, args = []) {
        yield exec.exec(`"${azPath}" ${command}`, args, execOptions);
    });
 }
+function jwtParser(federatedToken) {
+    return __awaiter(this, void 0, void 0, function* () {
+        let tokenPayload = federatedToken.split('.')[1];
+        let bufferObj = Buffer.from(tokenPayload, "base64");
+        let decodedPayload = JSON.parse(bufferObj.toString("utf8"));
+        return [decodedPayload['iss'], decodedPayload['sub']];
+    });
+}
 main();
--- a/src/main.ts
+++ b/src/main.ts
@@ -118,6 +118,8 @@ async function main() {
            if (!!federatedToken) {
                if (environment != "azurecloud")
                    throw new Error(`Your current environment - "${environment}" is not supported for OIDC login.`);
+                let [issuer, subjectClaim] = await jwtParser(federatedToken);
+                console.log("Federated token details: \n issuer - " + issuer + " \n subject claim - " + subjectClaim);
            }
            else {
                throw new Error("Could not get ID token for authentication.");
@@ -206,10 +208,10 @@ async function main() {
    }
    catch (error) {
        if (!isAzCLISuccess) {
-            core.setFailed("Az CLI Login failed. Please check the credentials. For more information refer https://aka.ms/create-secrets-for-GitHub-workflows");
+            core.setFailed("Az CLI Login failed. Please check the credentials and make sure az is installed on the runner. For more information refer https://aka.ms/create-secrets-for-GitHub-workflows");
        }
        else {
-            core.setFailed(`Azure PowerShell Login failed. Please check the credentials. For more information refer https://aka.ms/create-secrets-for-GitHub-workflows"`);
+            core.setFailed(`Azure PowerShell Login failed. Please check the credentials and make sure az is installed on the runner. For more information refer https://aka.ms/create-secrets-for-GitHub-workflows"`);
        }
    }
    finally {
@@ -227,4 +229,10 @@ async function executeAzCliCommand(
    execOptions.silent = !!silent;
    await exec.exec(`"${azPath}" ${command}`, args, execOptions);
 }
+async function jwtParser(federatedToken: string) {
+    let tokenPayload = federatedToken.split('.')[1];
+    let bufferObj = Buffer.from(tokenPayload, "base64");
+    let decodedPayload = JSON.parse(bufferObj.toString("utf8"));
+    return [decodedPayload['iss'], decodedPayload['sub']];
+}
 main();
Author	SHA1	Message	Date
Balaga Gayatri	4c79ffc971	Update main.js	2022-01-19 22:54:56 +05:30
Balaga Gayatri	1ac9fd6695	Update main.ts	2022-01-19 22:54:29 +05:30
Balaga Gayatri	94c2e154e6	Update README.md With added app registration details for OIDC	2021-12-13 23:18:32 +05:30
Balaga Gayatri	66d2e78565	Releasing federated token details in logs (#186 ) Displaying token details as logs	2021-12-07 00:22:23 +05:30