Error: Incorrect token audience #291
Comments
|
@jatinmehrotra I think you need to update the audience from |
|
@bryantbiggs Thank you for the help, this works. |
rtyley
added a commit
to guardian/cdk
that referenced
this issue
Jun 23, 2022
This is an update to the construct that creates IAM resources for GitHub Actions, first introduced with #823 in early October 2021. Apparently the `ClientIdList` field should no longer be `sigstore`, as of 19th October 2021: aws-actions/configure-aws-credentials#291 aws-actions/configure-aws-credentials#280 (comment) aws-actions/configure-aws-credentials#284 The new value is `sts.amazonaws.com`, which I think corresponds to this line in the docs: > For the "Audience": Use sts.amazonaws.com if you are using the official action. https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#adding-the-identity-provider-to-aws With the old value of `sigstore` in the `AWS::IAM::OIDCProvider` `ClientIdList` field, running the `aws-actions/configure-aws-credentials` GitHub Action will give you a "Error: Incorrect token audience" error: https://github.com/guardian/facia-scala-client/runs/7025740057?check_suite_focus=true#step:3:6
rtyley
added a commit
to guardian/cdk
that referenced
this issue
Jun 23, 2022
This is an update to the construct that creates IAM resources for GitHub Actions, first introduced with #823 in early October 2021. Apparently the `ClientIdList` field should no longer be `sigstore`, as of 19th October 2021: aws-actions/configure-aws-credentials#291 aws-actions/configure-aws-credentials#280 (comment) aws-actions/configure-aws-credentials#284 The new value is `sts.amazonaws.com`, which I think corresponds to this line in the docs: > For the "Audience": Use sts.amazonaws.com if you are using the official action. https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#adding-the-identity-provider-to-aws With the old value of `sigstore` in the `AWS::IAM::OIDCProvider` `ClientIdList` field, running the `aws-actions/configure-aws-credentials` GitHub Action will give you a "Error: Incorrect token audience" error: https://github.com/guardian/facia-scala-client/runs/7025740057?check_suite_focus=true#step:3:6
rtyley
added a commit
to guardian/cdk
that referenced
this issue
Jun 23, 2022
This is an update to the construct that creates IAM resources for GitHub Actions, first introduced with #823 in early October 2021. Apparently the `ClientIdList` field should no longer be `sigstore`, as of 19th October 2021: aws-actions/configure-aws-credentials#291 aws-actions/configure-aws-credentials#280 (comment) aws-actions/configure-aws-credentials#284 The new value is `sts.amazonaws.com`, which I think corresponds to this line in the docs: > For the "Audience": Use sts.amazonaws.com if you are using the official action. https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#adding-the-identity-provider-to-aws With the old value of `sigstore` in the `AWS::IAM::OIDCProvider` `ClientIdList` field, running the `aws-actions/configure-aws-credentials` GitHub Action will give you a "Error: Incorrect token audience" error: https://github.com/guardian/facia-scala-client/runs/7025740057?check_suite_focus=true#step:3:6
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Till yesterday the actions was working perfectly well, but from today I am seeing this error. Is it due to the latest commit?
The text was updated successfully, but these errors were encountered: