Exchanging JSON web token with an access token failed: Input required and not supplied: oidc-provider-name
Closed this issue · 9 comments
Describe the bug
env variables are not recognized - regression in v3.5.0
githubenv variables are not recognized, causing fallback to OICD which fails with this error
Current behavior
2024-01-17T17:02:34.2039427Z ::group::Setup JFrog CLI
2024-01-17T17:02:34.2039979Z ##[group]Setup JFrog CLI
2024-01-17T17:02:34.2056995Z ##[debug]Searching for JF_URL
2024-01-17T17:02:34.2057524Z ##[debug]JF_URL found
2024-01-17T17:02:34.2058097Z ##[debug]Searching for JF_ACCESS_TOKEN, JF_USER and JF_PASSWORD
2024-01-17T17:02:34.2059057Z JF_ACCESS_TOKEN and JF_USER + JF_PASSWORD weren't found. Getting access token using OpenID Connect
2024-01-17T17:02:34.2059835Z ##[debug]Fetching JSON web token
2024-01-17T17:02:34.2061755Z ##[debug]ID token url is https://pipelinesghubeus26.actions.githubusercontent.com/k75H1DBAfn7O6Mo0TRQmb014cDWVwCbkrZ6RY4JoockeD1mW9W/00000000-0000-0000-0000-000000000000/_apis/distributedtask/hubs/Actions/plans/a5b3151a-44ff-4c0a-bb81-7544446f9994/jobs/6604c111-019b-5ed5-ae03-3fa9f8925512/idtoken?api-version=2.0
2024-01-17T17:02:34.3042451Z ::add-mask::***
2024-01-17T17:02:34.3045055Z ##[debug]Exchanging JSON web token with an access token
2024-01-17T17:02:34.3070577Z ##[error]Exchanging JSON web token with an access token failed: Input required and not supplied: oidc-provider-name
2024-01-17T17:02:34.3071739Z ::endgroup::
2024-01-17T17:02:34.3072010Z ##[endgroup]
2024-01-17T17:02:34.3123024Z ##[debug]Node Action run completed with exit code 1
2024-01-17T17:02:34.3125937Z ##[debug]JFROG_CLI_ENV_EXCLUDE='password;secret;key;token;auth;JF_ARTIFACTORY_;JF_ENV_;JF_URL;JF_USER;JF_PASSWORD;JF_ACCESS_TOKEN'
2024-01-17T17:02:34.3126916Z ##[debug]JFROG_CLI_OFFER_CONFIG='false'
2024-01-17T17:02:34.3127418Z ##[debug]JFROG_CLI_BUILD_NAME='goldenfrog-demo'
2024-01-17T17:02:34.3127921Z ##[debug]JFROG_CLI_BUILD_NUMBER='50'
2024-01-17T17:02:34.3128783Z ##[debug]JFROG_CLI_BUILD_URL='***********'
2024-01-17T17:02:34.3130110Z ##[debug]JFROG_CLI_USER_AGENT='setup-jfrog-cli-github-action/3.5.0'
Reproduction steps
setup jfrog cli using setup action v3.5.0
Expected behavior
no error
Setup JFrog CLI version
3.5.0
JFrog CLI version
2.52.9
Workflow operating system type and version
linux, ubuntu
JFrog Artifactory version (if relevant)
No response
JFrog Xray version (if relevant)
No response
Hi @Jiri-Stary
Thanks for reporting this issue.
We're sorry for the inconvenience caused by this.
Can you provide your GitHub action Yaml?
Additionally, could you tell me how did you provide the credentials? (secrets/Environment secrets, secrets/Repository secrets, variables/Environment variables, variables/Repository variables)
I have an action i am calling from my main workflow. The secrets are stored as repo secrets and passed as input into the action.
I have extracted and sanitized the the code for the action. Going to previous version of setup-jfrog-cli "fixes" the issue.
name: build-temporary-container
inputs:
image:
description: 'docker image'
ARTIFACTORY_USER:
required: true
ARTIFACTORY_PASS:
required: true
runs:
using: "composite"
steps:
- name: setup jf cli
uses: jfrog/setup-jfrog-cli@v3
with:
version: 2.51.1
- name: Configure jf cli
shell: bash
continue-on-error: true
run: |
jf c add OSS-check --url='<hardcoded url>' --user=${{ inputs.ARTIFACTORY_USER }} --password=${{ inputs.ARTIFACTORY_PASS }} --interactive=false --overwrite=true
printf "\n\n"
jf c show
printf "\n\n"
- name: Credential helper
shell: bash
continue-on-error: true
run: |
sudo apt-get install -y docker-credential-*
- name: jf cli - pull base images
shell: bash
run: |
jf c use OSS-check
jf rt ping
full_image="${{ inputs.image}}"
echo "Pulling $full_image"
jfrog docker pull $full_image
@Jiri-Stary
Setup JFrog CLI version 3.5.1 has been released, incorporating a fix for this issue. Feel free to continue using the v3 version to access the latest updates.
Your feedback on this is valuable to us.
still getting the same issue
- weirdly i see both 3.5.0 and 3.5.1 version in the logs
2024-01-18T15:27:34.9411512Z ##[debug]Register post job cleanup for action: jfrog/setup-jfrog-cli@v3.5.1
2024-01-18T15:27:34.9419712Z ##[debug]Loading inputs
2024-01-18T15:27:34.9421674Z ##[debug]Loading env
2024-01-18T15:27:34.9426640Z ##[group]Run jfrog/setup-jfrog-cli@v3.5.1
2024-01-18T15:27:34.9426989Z with:
2024-01-18T15:27:34.9427210Z version: 2.51.1
2024-01-18T15:27:34.9427451Z env:
2024-01-18T15:27:34.9427711Z USER: ***
2024-01-18T15:27:34.9428212Z PASS: ***
2024-01-18T15:27:34.9428606Z REPO: ****
2024-01-18T15:27:34.9429120Z JF_URL: *****
2024-01-18T15:27:34.9429484Z DOCKER_METADATA_OUTPUT_VERSION: main
2024-01-18T15:27:34.9430204Z DOCKER_METADATA_OUTPUT_TAGS: *********
2024-01-18T15:27:34.9435596Z DOCKER_METADATA_OUTPUT_LABELS: *******
2024-01-18T15:27:34.9443283Z DOCKER_METADATA_OUTPUT_ANNOTATIONS: *************
2024-01-18T15:27:34.9453863Z DOCKER_METADATA_OUTPUT_JSON: ********
2024-01-18T15:27:34.9466998Z DOCKER_METADATA_OUTPUT_BAKE_FILE: /home/runner/work/temp/docker-actions-toolkit-jhZTBG/docker-metadata-action-bake.json
2024-01-18T15:27:34.9467687Z ##[endgroup]
2024-01-18T15:27:35.0677863Z ::group::Setup JFrog CLI
2024-01-18T15:27:35.0678212Z ##[group]Setup JFrog CLI
2024-01-18T15:27:35.0694519Z The JFrog platform credentials were not configured. Obtaining an access token through OpenID Connect.
2024-01-18T15:27:35.0695764Z ##[debug]Fetching JSON web token
2024-01-18T15:27:35.0698863Z ##[debug]ID token url is https://pipelinesghubeus26.actions.githubusercontent.com/k75H1DBAfn7O6Mo0TRQmb014cDWVwCbkrZ6RY4JoockeD1mW9W/00000000-0000-0000-0000-000000000000/_apis/distributedtask/hubs/Actions/plans/a71d2b71-f44c-4e99-8dc3-b37e429fcccc/jobs/6604c111-019b-5ed5-ae03-3fa9f8925512/idtoken?api-version=2.0
2024-01-18T15:27:35.1359085Z ::add-mask::***
2024-01-18T15:27:35.1361561Z ##[debug]Exchanging JSON web token with an access token
2024-01-18T15:27:35.1398098Z ##[error]Exchanging JSON web token with an access token failed: Input required and not supplied: oidc-provider-name
2024-01-18T15:27:35.1399810Z ::endgroup::
2024-01-18T15:27:35.1400251Z ##[endgroup]
2024-01-18T15:27:35.1458846Z ##[debug]Node Action run completed with exit code 1
2024-01-18T15:27:35.1461926Z ##[debug]JFROG_CLI_ENV_EXCLUDE='password;secret;key;token;auth;JF_ARTIFACTORY;JF_ENV_;JF_URL;JF_USER;JF_PASSWORD;JF_ACCESS_TOKEN'
2024-01-18T15:27:35.1462893Z ##[debug]JFROG_CLI_OFFER_CONFIG='false'
2024-01-18T15:27:35.1463378Z ##[debug]JFROG_CLI_BUILD_NAME='goldenfrog-demo'
2024-01-18T15:27:35.1463865Z ##[debug]JFROG_CLI_BUILD_NUMBER='56'
2024-01-18T15:27:35.1464747Z ##[debug]JFROG_CLI_BUILD_URL=''
2024-01-18T15:27:35.1465775Z ##[debug]JFROG_CLI_USER_AGENT='setup-jfrog-cli-github-action/3.5.0'
@Jiri-Stary
Appreciate your valuable feedback.
Do you happen to know the origin of the JF_URL environment variable? I couldn't spot it in your workflow. Taking it out or changing its name in your environment could be a possible workaround.
Additionally, by any chance, have you set the id-token: write permission in your workflow?
Also, does this issue occur in the latest 3.5.2 version?
Thanks.
no, the issue did not get fixed by 3.5.2.
Still getting the issue
Exchanging JSON web token with an access token failed: Input required and not supplied: oidc-provider-name
There was a new warning after
Could not find JFrog CLI version '2.51.1' in tool cache
JF_URL is not set as i run this part of the code inside its own action, where it is not passed from parent workflow. I am using directly the hardcoded url
jf c add OSS-check --url='https://mckinsey.jfrog.io/' --user=${{ inputs.ARTIFACTORY_USER }} --password=${{ inputs.ARTIFACTORY_PASS }} --interactive=false --overwrite=true
Yes , I do have these permissions
permissions:
actions: read
contents: write
id-token: write
packages: write
pull-requests: write
checks: read
tried adding JF_URL to setup command but no change
- uses: jfrog/setup-jfrog-cli@v3
env:
JF_URL: my-url
Thanks, @Jiri-Stary.
We've initiated a pull request at #125 to address this issue.
Will make sure to keep you posted.
Hey @Jiri-Stary,
JFrog CLI v3.5.3 is out now!
This release comes with the fix for the mentioned issue. Feel free to stick with the v3 tag for the latest updates.
We'd appreciate your feedback on that!