Open StephenWithPH opened 3 months ago
@StephenWithPH Thanks for reporting this issue. We are looking into it and will keep you posted.
@StephenWithPH This fix should be available starting from Artifactory 7.87.1.
@yahavi ...
Unfortunately, this is now very hard to verify. I'm aware of changes to JFrog's API (https://jfrog.com/help/r/jfrog-rest-apis/get-tokens?page=40) such that GET /access/api/v1/tokens no longer returns any short-lived tokens. Thus, the tokens generated via OIDC have stopped showing up at all. This is the same as in the web UI.
Therefore, I can't easily verify whether or not the OIDC-generated tokens are refreshable.
Describe the bug
Using this action per https://jfrog.com/blog/secure-access-development-jfrog-github-oidc/ results in a refreshable token being generated.
Current behavior
See above.
Reproduction steps
Use this action:
Afterward, query access tokens via the REST API or view them in the web UI and see that the token issued for this job is refreshable.
Expected behavior
A non-refreshable token to be issued for this action which honors the configuration (including time to expiry) for the identity mapping that this action resolved to.
Setup JFrog CLI version
'jfrog/setup-jfrog-cli@v4' (SHA:d82fe26823e1f25529250895d5673f65b02af085)
JFrog CLI version
2.53.2
Workflow operating system type and version
Ubuntu 22.04.4 (runner version: '2.314.1')
JFrog Artifactory version (if relevant)
SaaS
JFrog Xray version (if relevant)
SaaS