2021-10-15 22:41:54 +02:00
|
|
|
"use strict";
|
|
|
|
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
|
|
|
|
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
|
|
|
|
return new (P || (P = Promise))(function (resolve, reject) {
|
|
|
|
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
|
|
|
|
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
|
|
|
|
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
|
|
|
|
step((generator = generator.apply(thisArg, _arguments || [])).next());
|
|
|
|
});
|
|
|
|
};
|
|
|
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
|
exports.OidcClient = void 0;
|
|
|
|
const http_client_1 = require("@actions/http-client");
|
2023-01-10 15:46:25 +01:00
|
|
|
const auth_1 = require("@actions/http-client/lib/auth");
|
2021-10-15 22:41:54 +02:00
|
|
|
const core_1 = require("./core");
|
|
|
|
class OidcClient {
|
|
|
|
static createHttpClient(allowRetry = true, maxRetry = 10) {
|
|
|
|
const requestOptions = {
|
|
|
|
allowRetries: allowRetry,
|
|
|
|
maxRetries: maxRetry
|
|
|
|
};
|
|
|
|
return new http_client_1.HttpClient('actions/oidc-client', [new auth_1.BearerCredentialHandler(OidcClient.getRequestToken())], requestOptions);
|
|
|
|
}
|
|
|
|
static getRequestToken() {
|
|
|
|
const token = process.env['ACTIONS_ID_TOKEN_REQUEST_TOKEN'];
|
|
|
|
if (!token) {
|
|
|
|
throw new Error('Unable to get ACTIONS_ID_TOKEN_REQUEST_TOKEN env variable');
|
|
|
|
}
|
|
|
|
return token;
|
|
|
|
}
|
|
|
|
static getIDTokenUrl() {
|
|
|
|
const runtimeUrl = process.env['ACTIONS_ID_TOKEN_REQUEST_URL'];
|
|
|
|
if (!runtimeUrl) {
|
|
|
|
throw new Error('Unable to get ACTIONS_ID_TOKEN_REQUEST_URL env variable');
|
|
|
|
}
|
|
|
|
return runtimeUrl;
|
|
|
|
}
|
|
|
|
static getCall(id_token_url) {
|
|
|
|
var _a;
|
|
|
|
return __awaiter(this, void 0, void 0, function* () {
|
|
|
|
const httpclient = OidcClient.createHttpClient();
|
|
|
|
const res = yield httpclient
|
|
|
|
.getJson(id_token_url)
|
|
|
|
.catch(error => {
|
|
|
|
throw new Error(`Failed to get ID Token. \n
|
|
|
|
Error Code : ${error.statusCode}\n
|
|
|
|
Error Message: ${error.result.message}`);
|
|
|
|
});
|
|
|
|
const id_token = (_a = res.result) === null || _a === void 0 ? void 0 : _a.value;
|
|
|
|
if (!id_token) {
|
|
|
|
throw new Error('Response json body do not have ID Token field');
|
|
|
|
}
|
|
|
|
return id_token;
|
|
|
|
});
|
|
|
|
}
|
|
|
|
static getIDToken(audience) {
|
|
|
|
return __awaiter(this, void 0, void 0, function* () {
|
|
|
|
try {
|
|
|
|
// New ID Token is requested from action service
|
|
|
|
let id_token_url = OidcClient.getIDTokenUrl();
|
|
|
|
if (audience) {
|
|
|
|
const encodedAudience = encodeURIComponent(audience);
|
|
|
|
id_token_url = `${id_token_url}&audience=${encodedAudience}`;
|
|
|
|
}
|
|
|
|
core_1.debug(`ID token url is ${id_token_url}`);
|
|
|
|
const id_token = yield OidcClient.getCall(id_token_url);
|
|
|
|
core_1.setSecret(id_token);
|
|
|
|
return id_token;
|
|
|
|
}
|
|
|
|
catch (error) {
|
|
|
|
throw new Error(`Error message: ${error.message}`);
|
|
|
|
}
|
|
|
|
});
|
|
|
|
}
|
|
|
|
}
|
|
|
|
exports.OidcClient = OidcClient;
|
|
|
|
//# sourceMappingURL=oidc-utils.js.map
|