@@ -31,15 +31,15 @@ def get_oidc_token(self, audience: str) -> Optional[str]:
3131class AzureDevOpsOIDCTokenSupplier :
3232 """
3333 Supplies OIDC tokens from Azure DevOps pipelines.
34-
34+
3535 Constructs the OIDC token request URL using official Azure DevOps predefined variables.
3636 See: https://docs.microsoft.com/en-us/azure/devops/pipelines/build/variables
3737 """
3838
3939 def get_oidc_token (self , audience : str ) -> Optional [str ]:
4040 # Note: Azure DevOps OIDC tokens have a fixed audience of "api://AzureADTokenExchange"
4141 # The audience parameter is ignored but kept for interface compatibility with other OIDC suppliers
42-
42+
4343 # Check for required Azure DevOps environment variables
4444 access_token = os .environ .get ("SYSTEM_ACCESSTOKEN" )
4545 collection_uri = os .environ .get ("SYSTEM_TEAMFOUNDATIONCOLLECTIONURI" )
@@ -52,20 +52,20 @@ def get_oidc_token(self, audience: str) -> Optional[str]:
5252 if not all ([access_token , collection_uri , project_id , plan_id , job_id ]):
5353 # not in Azure DevOps pipeline
5454 return None
55-
55+
5656 try :
5757 # Construct the OIDC token request URL
5858 # Format: {collection_uri}{project_id}/_apis/distributedtask/hubs/{hubName}/plans/{planId}/jobs/{jobId}/oidctoken
5959 request_url = f"{ collection_uri } { project_id } { hub_name } { plan_id } { job_id }
60-
60+
6161 # Add API version (audience is fixed to "api://AzureADTokenExchange" by Azure DevOps)
6262 endpoint = f"{ request_url }
6363 headers = {
6464 "Authorization" : f"Bearer { access_token } ,
6565 "Content-Type" : "application/json" ,
66- "Content-Length" : "0"
66+ "Content-Length" : "0" ,
6767 }
68-
68+
6969 # Azure DevOps OIDC endpoint requires POST request with empty body
7070 response = requests .post (endpoint , headers = headers )
7171 if not response .ok :
0 commit comments