debug(oidc): print decoded JWT payload to diagnose audience mismatch
@@ -53,6 +53,17 @@ echo "Session Name : $SESSION_NAME"
|
|||||||
echo "Token file : $AWS_WEB_IDENTITY_TOKEN_FILE"
|
echo "Token file : $AWS_WEB_IDENTITY_TOKEN_FILE"
|
||||||
echo "Obteniendo credenciales temporales via STS..."
|
echo "Obteniendo credenciales temporales via STS..."
|
||||||
|
|
||||||
|
echo "=== Decoding OIDC Token ==="
|
||||||
|
python3 -c "
|
||||||
|
import json, base64, sys
|
||||||
|
t = open('${BITBUCKET_STEP_OIDC_TOKEN}').read().strip()
|
||||||
|
payload = t.split('.')[1]
|
||||||
|
padding = 4 - len(payload) % 4
|
||||||
|
if padding != 4: payload += '=' * padding
|
||||||
|
print(json.dumps(json.loads(base64.b64decode(payload)), indent=2))
|
||||||
|
"
|
||||||
|
echo "==========================="
|
||||||
|
|
||||||
CREDS=$(aws sts assume-role-with-web-identity \
|
CREDS=$(aws sts assume-role-with-web-identity \
|
||||||
--role-arn "$AWS_ROLE_ARN" \
|
--role-arn "$AWS_ROLE_ARN" \
|
||||||
--role-session-name "$SESSION_NAME" \
|
--role-session-name "$SESSION_NAME" \
|
||||||
|
|||||||
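Review bot: `open('${BITBUCKET_STEP_OIDC_TOKEN}')` treats the variable as a file path, but in Bitbucket Pipelines it normally holds the token value itself (the path this script prints is `$AWS_WEB_IDENTITY_TOKEN_FILE`), so the call would likely fail and the Python traceback would write the complete token, signature included, into the build log. The decode also uses `base64.b64decode`, while JWT segments are base64url; the default non-validating decode silently discards `-` and `_`, so the printed payload can be corrupted or the step can fail on padding, and `base64.urlsafe_b64decode` is the right call. Splicing the variable into the `python3 -c` source through shell expansion is fragile as well; pass the path as an argument and use a quoted heredoc. Because this runs on every build, I would print only the claims needed for the trust-policy comparison (`iss`, `aud`, `sub`, `exp`) rather than the whole payload, and drop the block once the audience mismatch is resolved. The sketch below assumes the token has already been written to `$AWS_WEB_IDENTITY_TOKEN_FILE` at this point in the script; the `aws sts` command continues past the end of the hunk.

```shell
# … unchanged: "=== Decoding OIDC Token ===" banner …
python3 - "$AWS_WEB_IDENTITY_TOKEN_FILE" <<'PY'
import base64, json, sys
with open(sys.argv[1]) as fh:
    segments = fh.read().strip().split('.')
body = segments[1] + '=' * (-len(segments[1]) % 4)
claims = json.loads(base64.urlsafe_b64decode(body))
# Print only the claims needed to compare against the IAM trust policy.
print(json.dumps({k: claims.get(k) for k in ('iss', 'aud', 'sub', 'exp')}, indent=2))
PY
# … unchanged: closing banner and the aws sts assume-role-with-web-identity call …
```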