GitHub Actions OIDC

Use the REST API to interact with JWTs for OIDC subject claims in GitHub Actions.

About GitHub Actions OIDC

You can use the REST API to query and manage a customization template for an OpenID Connect (OIDC) subject claim. For more information, see "About security hardening with OpenID Connect."

Set the GitHub Actions OIDC custom issuer policy for an enterprise

Sets the GitHub Actions OpenID Connect (OIDC) custom issuer policy for an enterprise. You must authenticate using an access token with the admin:enterprise scope to use this endpoint.

"Set the GitHub Actions OIDC custom issuer policy for an enterprise"에 대한 매개 변수

머리글
이름, Type, 설명
`accept` string Setting to `application/vnd.github+json` is recommended.

경로 매개 변수
이름, Type, 설명
`enterprise` string Required The slug version of the enterprise name. You can also substitute this value with the enterprise id.

본문 매개 변수
이름, Type, 설명
`include_enterprise_slug` boolean Whether the enterprise customer requested a custom issuer URL.

"Set the GitHub Actions OIDC custom issuer policy for an enterprise"에 대한 HTTP 응답 상태 코드

상태 코드	설명
`204`	No Content

"Set the GitHub Actions OIDC custom issuer policy for an enterprise"에 대한 코드 샘플

put/enterprises/{enterprise}/actions/oidc/customization/issuer

curl -L \
  -X PUT \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/enterprises/ENTERPRISE/actions/oidc/customization/issuer \
  -d '{"include_enterprise_slug":true}'

Response

Status: 204

Get the customization template for an OIDC subject claim for an organization

Works with GitHub Apps

Gets the customization template for an OpenID Connect (OIDC) subject claim. You must authenticate using an access token with the read:org scope to use this endpoint. GitHub Apps must have the organization_administration:write permission to use this endpoint.

"Get the customization template for an OIDC subject claim for an organization"에 대한 매개 변수

머리글
이름, Type, 설명
`accept` string Setting to `application/vnd.github+json` is recommended.

경로 매개 변수
이름, Type, 설명
`org` string Required The organization name. The name is not case sensitive.

"Get the customization template for an OIDC subject claim for an organization"에 대한 HTTP 응답 상태 코드

상태 코드	설명
`200`	A JSON serialized template for OIDC subject claim customization

"Get the customization template for an OIDC subject claim for an organization"에 대한 코드 샘플

get/orgs/{org}/actions/oidc/customization/sub

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/orgs/ORG/actions/oidc/customization/sub

A JSON serialized template for OIDC subject claim customization

Status: 200

{
  "include_claim_keys": [
    "repo",
    "context"
  ]
}

Set the customization template for an OIDC subject claim for an organization

Works with GitHub Apps

Creates or updates the customization template for an OpenID Connect (OIDC) subject claim. You must authenticate using an access token with the write:org scope to use this endpoint. GitHub Apps must have the admin:org permission to use this endpoint.

"Set the customization template for an OIDC subject claim for an organization"에 대한 매개 변수

머리글
이름, Type, 설명
`accept` string Setting to `application/vnd.github+json` is recommended.

경로 매개 변수
이름, Type, 설명
`org` string Required The organization name. The name is not case sensitive.

본문 매개 변수
이름, Type, 설명
`include_claim_keys` array of strings Required Array of unique strings. Each claim key can only contain alphanumeric characters and underscores.

"Set the customization template for an OIDC subject claim for an organization"에 대한 HTTP 응답 상태 코드

상태 코드	설명
`201`	Empty response
`403`	Forbidden
`404`	Resource not found

"Set the customization template for an OIDC subject claim for an organization"에 대한 코드 샘플

put/orgs/{org}/actions/oidc/customization/sub

curl -L \
  -X PUT \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/orgs/ORG/actions/oidc/customization/sub \
  -d '{"include_claim_keys":["repo","context"]}'

Empty response

Status: 201

Get the customization template for an OIDC subject claim for a repository

Works with GitHub Apps

Gets the customization template for an OpenID Connect (OIDC) subject claim. You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have the organization_administration:read permission to use this endpoint.

"Get the customization template for an OIDC subject claim for a repository"에 대한 매개 변수

머리글
이름, Type, 설명
`accept` string Setting to `application/vnd.github+json` is recommended.

경로 매개 변수
이름, Type, 설명
`owner` string Required The account owner of the repository. The name is not case sensitive.
`repo` string Required The name of the repository without the `.git` extension. The name is not case sensitive.

"Get the customization template for an OIDC subject claim for a repository"에 대한 HTTP 응답 상태 코드

상태 코드	설명
`200`	Status response
`400`	Bad Request
`404`	Resource not found

"Get the customization template for an OIDC subject claim for a repository"에 대한 코드 샘플

get/repos/{owner}/{repo}/actions/oidc/customization/sub

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/repos/OWNER/REPO/actions/oidc/customization/sub

Status response

Status: 200

{
  "use_default": false,
  "include_claim_keys": [
    "repo",
    "context"
  ]
}

Set the customization template for an OIDC subject claim for a repository

Works with GitHub Apps

Sets the customization template and opt-in or opt-out flag for an OpenID Connect (OIDC) subject claim for a repository. You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have the actions:write permission to use this endpoint.

"Set the customization template for an OIDC subject claim for a repository"에 대한 매개 변수

머리글
이름, Type, 설명
`accept` string Setting to `application/vnd.github+json` is recommended.

경로 매개 변수
이름, Type, 설명
`owner` string Required The account owner of the repository. The name is not case sensitive.
`repo` string Required The name of the repository without the `.git` extension. The name is not case sensitive.

본문 매개 변수
이름, Type, 설명
`use_default` boolean Required Whether to use the default template or not. If `true`, the `include_claim_keys` field is ignored.
`include_claim_keys` array of strings Array of unique strings. Each claim key can only contain alphanumeric characters and underscores.

"Set the customization template for an OIDC subject claim for a repository"에 대한 HTTP 응답 상태 코드

상태 코드	설명
`201`	Empty response
`400`	Bad Request
`404`	Resource not found
`422`	Validation failed, or the endpoint has been spammed.

"Set the customization template for an OIDC subject claim for a repository"에 대한 코드 샘플

put/repos/{owner}/{repo}/actions/oidc/customization/sub

curl -L \
  -X PUT \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/repos/OWNER/REPO/actions/oidc/customization/sub \
  -d '{"use_default":false,"include_claim_keys":["repo","context"]}'

Empty response

Status: 201