debugging assuming role with OIDC.

mrudatsprint · mrudatsprint · commit d2ea69dec05a · 2026-02-10T11:45:18.000-07:00
diff --git a/.github/workflows/release-publish-ossrh.yml b/.github/workflows/release-publish-ossrh.yml
@@ -56,11 +56,17 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@v6
 
+      - name: Debug OIDC token
+        run: |
+          TOKEN=$(curl -s -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" \
+            "$ACTIONS_ID_TOKEN_REQUEST_URL&audience=sts.amazonaws.com")
+          echo "$TOKEN" | jq -r '.value' | cut -d. -f2 | base64 -d 2>/dev/null | jq '.sub, .aud'
+          
       - name: set aws credentials
         uses: aws-actions/configure-aws-credentials@v4
         with:
           role-to-assume: arn:aws:iam::752443094709:role/github-actions
-          role-session-name: github-actions
+          role-session-name: aws-auth-action
           aws-region: ${{ env.AWS_REGION }}
 
       - name: Get secrets by name
