Error handling for token permissions (#235)

2026-06-05 16:08:19 +00:00 · 2022-06-21 16:44:24 +05:30 · 2022-06-21 16:44:24 +05:30 · 24848bc889
commit 24848bc889
parent ec3c14589b
3 changed files with 25 additions and 21 deletions
--- a/action.yml
+++ b/action.yml
@ -34,5 +34,5 @@ branding:
  icon: 'login.svg'
  color: 'blue'
 runs:
-  using: 'node12'
+  using: 'node16'
  main: 'lib/main.js'
--- a/lib/main.js
+++ b/lib/main.js
@ -132,17 +132,19 @@ function main() {
            // OIDC specific checks
            if (enableOIDC) {
                console.log('Using OIDC authentication...');
-                //generating ID-token
-                let audience = core.getInput('audience', { required: false });
-                federatedToken = yield core.getIDToken(audience);
-                if (!!federatedToken) {
-                    if (environment != "azurecloud")
-                        throw new Error(`Your current environment - "${environment}" is not supported for OIDC login.`);
-                    let [issuer, subjectClaim] = yield jwtParser(federatedToken);
-                    console.log("Federated token details: \n issuer - " + issuer + " \n subject claim - " + subjectClaim);
+                try {
+                    //generating ID-token
+                    let audience = core.getInput('audience', { required: false });
+                    federatedToken = yield core.getIDToken(audience);
+                    if (!!federatedToken) {
+                        if (environment != "azurecloud")
+                            throw new Error(`Your current environment - "${environment}" is not supported for OIDC login.`);
+                        let [issuer, subjectClaim] = yield jwtParser(federatedToken);
+                        console.log("Federated token details: \n issuer - " + issuer + " \n subject claim - " + subjectClaim);
+                    }
                }
-                else {
-                    throw new Error("Could not get ID token for authentication.");
+                catch (error) {
+                    core.error(`${error.message.split(':')[1]}. Please make sure to give write permissions to id-token in the workflow.`);
                }
            }
            // Attempting Az cli login
--- a/src/main.ts
+++ b/src/main.ts
@ -110,17 +110,19 @@ async function main() {
        // OIDC specific checks
        if (enableOIDC) {
            console.log('Using OIDC authentication...')
-            //generating ID-token
-            let audience = core.getInput('audience', { required: false });
-            federatedToken = await core.getIDToken(audience);
-            if (!!federatedToken) {
-                if (environment != "azurecloud")
-                    throw new Error(`Your current environment - "${environment}" is not supported for OIDC login.`);
-                let [issuer, subjectClaim] = await jwtParser(federatedToken);
-                console.log("Federated token details: \n issuer - " + issuer + " \n subject claim - " + subjectClaim);
+            try {
+                //generating ID-token
+                let audience = core.getInput('audience', { required: false });
+                federatedToken = await core.getIDToken(audience);
+                if (!!federatedToken) {
+                    if (environment != "azurecloud")
+                        throw new Error(`Your current environment - "${environment}" is not supported for OIDC login.`);
+                    let [issuer, subjectClaim] = await jwtParser(federatedToken);
+                    console.log("Federated token details: \n issuer - " + issuer + " \n subject claim - " + subjectClaim);
+                }
            }
-            else {
-                throw new Error("Could not get ID token for authentication.");
+            catch (error) {
+                core.error(`${error.message.split(':')[1]}. Please make sure to give write permissions to id-token in the workflow.`);
            }
        }