Error message for missing tag is misleading

[v21]

If you leave out the "tag" parameter, you get this message: "OAuth identity empty, Maybe you need to populate it in the Secrets for your workflow, see more in https://docs.github.com/en/actions/security-guides/encrypted-secrets and https://tailscale.com/s/oauth-clients".

Ideally it should mention that the tag parameter might be the issue, or ideally flag a unique error.

[pmocek]

I see two problems being sort of muddled together, here.

1. This error message includes a term, "OAuth identity," that is not mentioned in any of Tailscale's OAuth client or GitHub Actions action documentation. a. Possibly when @DentonGentry used the term, he meant to refer to the action's oauth-client-id input parameter, which when used must contain what the Tailscale docs refer to as an OAuth client's client ID, which seems to correspond to an OAuth2 client identifier. b. Simple solution: s/OAuth identity/OAuth client ID/ or s/OAuth identity/Input parameter oauth-client-id/
2. This error message is provided not only when an OAuth client ID is expected but not provided, but also when an OAuth secret is provided without the required accompanying set of ACL tags. a. The patch supplied by @thisisparker attempts to solve this problem.

[rwenz3l]

Seconding this that the message is very misleading. I ran into this today and was very confused, because I double checked that the secrets exist and contain the values. There should be an emphasis in the README for the tags:

tags is a comma-separated list of one or more ACL Tags for the node. ⚠️ At least one tag is required!

[ji-podhead]

oh man not cool, please give better error report for this, or example workflow +acl and so on. just starting out with tailscale and was really confused about this error