Adding az installation requirement to login error response (release PR) (#199)

* Update main.ts

* Update main.js

README.md

@@ -226,13 +226,15 @@ Follow the steps to configure Azure Service Principal with a secret:
 You can add federated credentials in the Azure portal or with the Microsoft Graph REST API.
 
 #### Azure portal
-1. Go to **Certificates and secrets**.  In the **Federated credentials** tab, select **Add credential**.  
-1. The **Add a credential** blade opens.
-1. In the **Federated credential scenario** box select **GitHub actions deploying Azure resources**.
-1. Specify the **Organization** and **Repository** for your GitHub Actions workflow which needs to access the Azure resources scoped by this App (Service Principal) 
-1. For **Entity type**, select **Environment**, **Branch**, **Pull request**, or **Tag** and specify the value, based on how you have configured the trigger for your GitHub workflow. For a more detailed overview, see [GitHub OIDC guidance]( https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#defining-[…]dc-claims). 
-1. Add a **Name** for the federated credential.
-1. Click **Add** to configure the federated credential.
+1. [Register an application](https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app) in Azure Portal
+2. Within the registered application, Go to **Certificates & secrets**.  
+3. In the **Federated credentials** tab, select **Add credential**.  
+4. The **Add a credential** blade opens.
+5. In the **Federated credential scenario** box select **GitHub actions deploying Azure resources**.
+6. Specify the **Organization** and **Repository** for your GitHub Actions workflow which needs to access the Azure resources scoped by this App (Service Principal) 
+7. For **Entity type**, select **Environment**, **Branch**, **Pull request**, or **Tag** and specify the value, based on how you have configured the trigger for your GitHub workflow. For a more detailed overview, see [GitHub OIDC guidance]( https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#defining-[…]dc-claims). 
+8. Add a **Name** for the federated credential.
+9. Click **Add** to configure the federated credential.
 
 For a more detailed overview, see more guidance around [Azure Federated Credentials](https://docs.microsoft.com/en-us/azure/active-directory/develop/workload-identity-federation-create-trust-github). 
 

lib/main.js

@@ -1,14 +1,14 @@
 "use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function (o, m, k, k2) {
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
     if (k2 === undefined) k2 = k;
-    Object.defineProperty(o, k2, { enumerable: true, get: function () { return m[k]; } });
-}) : (function (o, m, k, k2) {
+    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
+}) : (function(o, m, k, k2) {
     if (k2 === undefined) k2 = k;
     o[k2] = m[k];
 }));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function (o, v) {
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
     Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function (o, v) {
+}) : function(o, v) {
     o["default"] = v;
 });
 var __importStar = (this && this.__importStar) || function (mod) {
@@ -140,6 +140,8 @@ function main() {
                 if (!!federatedToken) {
                     if (environment != "azurecloud")
                         throw new Error(`Your current environment - "${environment}" is not supported for OIDC login.`);
+                    let [issuer, subjectClaim] = yield jwtParser(federatedToken);
+                    console.log("Federated token details: \n issuer - " + issuer + " \n subject claim - " + subjectClaim);
                 }
                 else {
                     throw new Error("Could not get ID token for authentication.");
@@ -211,10 +213,10 @@ function main() {
         }
         catch (error) {
             if (!isAzCLISuccess) {
-                core.setFailed("Az CLI Login failed. Please check the credentials. For more information refer https://aka.ms/create-secrets-for-GitHub-workflows");
+                core.setFailed("Az CLI Login failed. Please check the credentials and make sure az is installed on the runner. For more information refer https://aka.ms/create-secrets-for-GitHub-workflows");
             }
             else {
-                core.setFailed(`Azure PowerShell Login failed. Please check the credentials. For more information refer https://aka.ms/create-secrets-for-GitHub-workflows"`);
+                core.setFailed(`Azure PowerShell Login failed. Please check the credentials and make sure az is installed on the runner. For more information refer https://aka.ms/create-secrets-for-GitHub-workflows"`);
             }
         }
         finally {
@@ -230,4 +232,12 @@ function executeAzCliCommand(command, silent, execOptions = {}, args = []) {
         yield exec.exec(`"${azPath}" ${command}`, args, execOptions);
     });
 }
+function jwtParser(federatedToken) {
+    return __awaiter(this, void 0, void 0, function* () {
+        let tokenPayload = federatedToken.split('.')[1];
+        let bufferObj = Buffer.from(tokenPayload, "base64");
+        let decodedPayload = JSON.parse(bufferObj.toString("utf8"));
+        return [decodedPayload['iss'], decodedPayload['sub']];
+    });
+}
 main();

src/main.ts

@@ -118,6 +118,8 @@ async function main() {
             if (!!federatedToken) {
                 if (environment != "azurecloud")
                     throw new Error(`Your current environment - "${environment}" is not supported for OIDC login.`);
+                let [issuer, subjectClaim] = await jwtParser(federatedToken);
+                console.log("Federated token details: \n issuer - " + issuer + " \n subject claim - " + subjectClaim);
             }
             else {
                 throw new Error("Could not get ID token for authentication.");
@@ -206,10 +208,10 @@ async function main() {
     }
     catch (error) {
         if (!isAzCLISuccess) {
-            core.setFailed("Az CLI Login failed. Please check the credentials. For more information refer https://aka.ms/create-secrets-for-GitHub-workflows");
+            core.setFailed("Az CLI Login failed. Please check the credentials and make sure az is installed on the runner. For more information refer https://aka.ms/create-secrets-for-GitHub-workflows");
         }
         else {
-            core.setFailed(`Azure PowerShell Login failed. Please check the credentials. For more information refer https://aka.ms/create-secrets-for-GitHub-workflows"`);
+            core.setFailed(`Azure PowerShell Login failed. Please check the credentials and make sure az is installed on the runner. For more information refer https://aka.ms/create-secrets-for-GitHub-workflows"`);
         }
     }
     finally {
@@ -227,4 +229,10 @@ async function executeAzCliCommand(
     execOptions.silent = !!silent;
     await exec.exec(`"${azPath}" ${command}`, args, execOptions);
 }
+async function jwtParser(federatedToken: string) {
+    let tokenPayload = federatedToken.split('.')[1];
+    let bufferObj = Buffer.from(tokenPayload, "base64");
+    let decodedPayload = JSON.parse(bufferObj.toString("utf8"));
+    return [decodedPayload['iss'], decodedPayload['sub']];
+}
 main();