You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Jul 1, 2024. It is now read-only.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This document outlines the steps required to configure Pulumi to accept Github id_tokens to be exchanged by Organization access tokens
This document outlines the steps required to configure Pulumi to accept Github id_tokens to be exchanged by Organization access tokens.
## Prerequisites
Expand All
@@ -27,12 +27,12 @@ Please note that this guide provides step-by-step instructions based on the offi
1. Submit the form
## Conrigure the Authorization Policies
## Configure the Authorization Policies
1. Click on the issuer name
1. Change the policy decision to `Allow`
1. Change the token type to `Organization`
1. Add a new rule and configure it to verify the token audience to match your github organization url: `aud: https://github.com/octo-org`. For further information about Github token claims refer to the [official Github documentation](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#understanding-the-oidc-token).
1. Add a new rule and configure it to allow calls from your repository: `repository: octo-org/octo-repo`. For further information about Github token claims refer to the [official Github documentation](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#understanding-the-oidc-token).
