Enable Dual OIDC Integration Flow with Backward Compatibility

.github/workflows/cli-oidc-test.yml

@@ -0,0 +1,46 @@
+# This action is an integration test for OIDC workflow
+name: CLI OpenID Connect Test
+on:
+  push:
+    branches:
+      - master
+      - "**"
+
+  # Triggers the workflow on labeled PRs only.
+  pull_request_target:
+    types: [ labeled ]
+
+
+# Ensures that only the latest commit is running for each PR at a time.
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }}-${{ github.ref }}
+  cancel-in-progress: true
+permissions:
+  id-token: write
+jobs:
+  OIDC-Test:
+    if: contains(github.event.pull_request.labels.*.name, 'safe to test') || github.event_name == 'push'
+    name: OIDC-Access integration test (${{ matrix.os }})
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ ubuntu, windows, macos ]
+    runs-on: ${{ matrix.os }}-latest
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+        with:
+          ref:
+            ${{ github.event.pull_request.head.ref || github.sha }}
+
+      - name: Setup JFrog CLI
+        id: setup-jfrog-cli
+        uses: ./
+        env:
+          JF_URL: ${{ secrets.JFROG_PLATFORM_URL }}
+        with:
+          oidc-provider-name: setup-jfrog-cli-test
+
+      - name: Test JFrog CLI
+        run: |
+          jf rt ping

.github/workflows/oidc-test.yml → .github/workflows/manual-oidc-test.yml

@@ -1,9 +1,11 @@
 # This action is an integration test for OIDC workflow
-name: OpenID Connect Test
+# Which uses the manual approach for backwards compliantly
+name: Manual OpenID Exchange Connect Test
 on:
   push:
     branches:
-      - master
+#      - master
+      - "**"
   # Triggers the workflow on labeled PRs only.
   pull_request_target:
     types: [ labeled ]

README.md

@@ -118,7 +118,21 @@ Example step utilizing OpenID Connect:
       oidc-provider-name: setup-jfrog-cli
 ```
 
-**Notice:** When using OIDC authentication, this action outputs both the OIDC token and the OIDC token username. These can be utilized within the current workflow to log into the JFrog platform through other actions or clients (e.g., for use with `docker login`). The added outputs are `oidc-token` and `oidc-user`, respectively.
+**Notice:**
+
+Depending on the version of the CLI and how it is provisioned, this action intelligently chooses the optimal OIDC authentication flow:
+
+✅ Native OIDC (Recommended Path)
+
+If you are using JFrog CLI version 2.75.0 or above and not downloading the CLI from Artifactory
+(via the download-repository input),
+the setup action will use the CLI's native `--oidc-token-id` authentication mechanism.
+
+🔁 Manual Fallback (for legacy or remote setups)
+
+If the CLI version is below 2.75.0, or if you're downloading the CLI from Artifactory using download-repository, the action will automatically fall back to a manual OIDC token exchange using the JFrog Platform REST API.
+
+📝 This fallback logic is kept for backward compatibility but is planned for deprecation to avoid maintaining duplicate authentication flows.
 
 ### Handling Self-Signed Certificates