GitHub Actions OIDC
Use the REST API to interact with JWTs for OIDC subject claims in GitHub Actions.
About GitHub Actions OIDC
You can use the REST API to query and manage a customization template for an OpenID Connect (OIDC) subject claim. For more information, see "About security hardening with OpenID Connect."
Set the GitHub Actions OIDC custom issuer policy for an enterprise
Sets the GitHub Actions OpenID Connect (OIDC) custom issuer policy for an enterprise.
You must authenticate using an access token with the admin:enterprise
scope to use this endpoint.
"Set the GitHub Actions OIDC custom issuer policy for an enterprise"에 대한 매개 변수
이름, Type, 설명 |
---|
accept string Setting to |
이름, Type, 설명 |
---|
enterprise string RequiredThe slug version of the enterprise name. You can also substitute this value with the enterprise id. |
이름, Type, 설명 |
---|
include_enterprise_slug boolean Whether the enterprise customer requested a custom issuer URL. |
"Set the GitHub Actions OIDC custom issuer policy for an enterprise"에 대한 HTTP 응답 상태 코드
상태 코드 | 설명 |
---|---|
204 | No Content |
"Set the GitHub Actions OIDC custom issuer policy for an enterprise"에 대한 코드 샘플
curl -L \
-X PUT \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/enterprises/ENTERPRISE/actions/oidc/customization/issuer \
-d '{"include_enterprise_slug":true}'
Response
Status: 204
Get the customization template for an OIDC subject claim for an organization
Gets the customization template for an OpenID Connect (OIDC) subject claim.
You must authenticate using an access token with the read:org
scope to use this endpoint.
GitHub Apps must have the organization_administration:write
permission to use this endpoint.
"Get the customization template for an OIDC subject claim for an organization"에 대한 매개 변수
이름, Type, 설명 |
---|
accept string Setting to |
이름, Type, 설명 |
---|
org string RequiredThe organization name. The name is not case sensitive. |
"Get the customization template for an OIDC subject claim for an organization"에 대한 HTTP 응답 상태 코드
상태 코드 | 설명 |
---|---|
200 | A JSON serialized template for OIDC subject claim customization |
"Get the customization template for an OIDC subject claim for an organization"에 대한 코드 샘플
curl -L \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/orgs/ORG/actions/oidc/customization/sub
A JSON serialized template for OIDC subject claim customization
Set the customization template for an OIDC subject claim for an organization
Creates or updates the customization template for an OpenID Connect (OIDC) subject claim.
You must authenticate using an access token with the write:org
scope to use this endpoint.
GitHub Apps must have the admin:org
permission to use this endpoint.
"Set the customization template for an OIDC subject claim for an organization"에 대한 매개 변수
이름, Type, 설명 |
---|
accept string Setting to |
이름, Type, 설명 |
---|
org string RequiredThe organization name. The name is not case sensitive. |
이름, Type, 설명 |
---|
include_claim_keys array of strings RequiredArray of unique strings. Each claim key can only contain alphanumeric characters and underscores. |
"Set the customization template for an OIDC subject claim for an organization"에 대한 HTTP 응답 상태 코드
상태 코드 | 설명 |
---|---|
201 | Empty response |
403 | Forbidden |
404 | Resource not found |
"Set the customization template for an OIDC subject claim for an organization"에 대한 코드 샘플
curl -L \
-X PUT \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/orgs/ORG/actions/oidc/customization/sub \
-d '{"include_claim_keys":["repo","context"]}'
Empty response
Get the customization template for an OIDC subject claim for a repository
Gets the customization template for an OpenID Connect (OIDC) subject claim.
You must authenticate using an access token with the repo
scope to use this
endpoint. GitHub Apps must have the organization_administration:read
permission to use this endpoint.
"Get the customization template for an OIDC subject claim for a repository"에 대한 매개 변수
이름, Type, 설명 |
---|
accept string Setting to |
이름, Type, 설명 |
---|
owner string RequiredThe account owner of the repository. The name is not case sensitive. |
repo string RequiredThe name of the repository without the |
"Get the customization template for an OIDC subject claim for a repository"에 대한 HTTP 응답 상태 코드
상태 코드 | 설명 |
---|---|
200 | Status response |
400 | Bad Request |
404 | Resource not found |
"Get the customization template for an OIDC subject claim for a repository"에 대한 코드 샘플
curl -L \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/repos/OWNER/REPO/actions/oidc/customization/sub
Status response
Set the customization template for an OIDC subject claim for a repository
Sets the customization template and opt-in
or opt-out
flag for an OpenID Connect (OIDC) subject claim for a repository.
You must authenticate using an access token with the repo
scope to use this
endpoint. GitHub Apps must have the actions:write
permission to use this endpoint.
"Set the customization template for an OIDC subject claim for a repository"에 대한 매개 변수
이름, Type, 설명 |
---|
accept string Setting to |
이름, Type, 설명 |
---|
owner string RequiredThe account owner of the repository. The name is not case sensitive. |
repo string RequiredThe name of the repository without the |
이름, Type, 설명 |
---|
use_default boolean RequiredWhether to use the default template or not. If |
include_claim_keys array of strings Array of unique strings. Each claim key can only contain alphanumeric characters and underscores. |
"Set the customization template for an OIDC subject claim for a repository"에 대한 HTTP 응답 상태 코드
상태 코드 | 설명 |
---|---|
201 | Empty response |
400 | Bad Request |
404 | Resource not found |
422 | Validation failed, or the endpoint has been spammed. |
"Set the customization template for an OIDC subject claim for a repository"에 대한 코드 샘플
curl -L \
-X PUT \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/repos/OWNER/REPO/actions/oidc/customization/sub \
-d '{"use_default":false,"include_claim_keys":["repo","context"]}'
Empty response