Exchanging JSON web token with an access token failed: Input required and not supplied: oidc-provider-name

[Jiri-Stary]

Describe the bug

env variables are not recognized - regression in v3.5.0

githubenv variables are not recognized, causing fallback to OICD which fails with this error

Current behavior

2024-01-17T17:02:34.2039427Z ::group::Setup JFrog CLI
2024-01-17T17:02:34.2039979Z ##[group]Setup JFrog CLI
2024-01-17T17:02:34.2056995Z ##[debug]Searching for JF_URL
2024-01-17T17:02:34.2057524Z ##[debug]JF_URL found
2024-01-17T17:02:34.2058097Z ##[debug]Searching for JF_ACCESS_TOKEN, JF_USER and JF_PASSWORD
2024-01-17T17:02:34.2059057Z JF_ACCESS_TOKEN and JF_USER + JF_PASSWORD weren't found. Getting access token using OpenID Connect
2024-01-17T17:02:34.2059835Z ##[debug]Fetching JSON web token
2024-01-17T17:02:34.2061755Z ##[debug]ID token url is https://pipelinesghubeus26.actions.githubusercontent.com/k75H1DBAfn7O6Mo0TRQmb014cDWVwCbkrZ6RY4JoockeD1mW9W/00000000-0000-0000-0000-000000000000/_apis/distributedtask/hubs/Actions/plans/a5b3151a-44ff-4c0a-bb81-7544446f9994/jobs/6604c111-019b-5ed5-ae03-3fa9f8925512/idtoken?api-version=2.0
2024-01-17T17:02:34.3042451Z ::add-mask::***
2024-01-17T17:02:34.3045055Z ##[debug]Exchanging JSON web token with an access token
2024-01-17T17:02:34.3070577Z ##[error]Exchanging JSON web token with an access token failed: Input required and not supplied: oidc-provider-name
2024-01-17T17:02:34.3071739Z ::endgroup::
2024-01-17T17:02:34.3072010Z ##[endgroup]
2024-01-17T17:02:34.3123024Z ##[debug]Node Action run completed with exit code 1
2024-01-17T17:02:34.3125937Z ##[debug]JFROG_CLI_ENV_EXCLUDE='password;secret;key;token;auth;JF_ARTIFACTORY_;JF_ENV_;JF_URL;JF_USER;JF_PASSWORD;JF_ACCESS_TOKEN'
2024-01-17T17:02:34.3126916Z ##[debug]JFROG_CLI_OFFER_CONFIG='false'
2024-01-17T17:02:34.3127418Z ##[debug]JFROG_CLI_BUILD_NAME='goldenfrog-demo'
2024-01-17T17:02:34.3127921Z ##[debug]JFROG_CLI_BUILD_NUMBER='50'
2024-01-17T17:02:34.3128783Z ##[debug]JFROG_CLI_BUILD_URL='***********'
2024-01-17T17:02:34.3130110Z ##[debug]JFROG_CLI_USER_AGENT='setup-jfrog-cli-github-action/3.5.0'

Reproduction steps

setup jfrog cli using setup action v3.5.0

Expected behavior

no error

Setup JFrog CLI version

3.5.0

JFrog CLI version

2.52.9

Workflow operating system type and version

linux, ubuntu

JFrog Artifactory version (if relevant)

No response

JFrog Xray version (if relevant)

No response

[sverdlov93]

Hi @Jiri-Stary
Thanks for reporting this issue.
We're sorry for the inconvenience caused by this.
Can you provide your GitHub action Yaml?
Additionally, could you tell me how did you provide the credentials? (secrets/Environment secrets, secrets/Repository secrets, variables/Environment variables, variables/Repository variables)

[Jiri-Stary]

I have an action i am calling from my main workflow. The secrets are stored as repo secrets and passed as input into the action.

I have extracted and sanitized the the code for the action. Going to previous version of setup-jfrog-cli "fixes" the issue.

name: build-temporary-container
inputs:
  image:
    description: 'docker image'
  ARTIFACTORY_USER:
    required: true
  ARTIFACTORY_PASS:
    required: true

    
runs:
  using: "composite"
  steps:  
  
   - name: setup jf cli
       uses: jfrog/setup-jfrog-cli@v3
       with:
          version: 2.51.1
     
     - name: Configure jf cli
       shell: bash
       continue-on-error: true
       run: |
          jf c add OSS-check --url='<hardcoded url>' --user=${{ inputs.ARTIFACTORY_USER }} --password=${{ inputs.ARTIFACTORY_PASS }} --interactive=false --overwrite=true
          printf "\n\n"
          jf c show
          printf "\n\n"

     - name: Credential helper
       shell: bash
       continue-on-error: true
       run: |
          sudo apt-get install -y docker-credential-*    
     
     - name: jf cli - pull base images
       shell: bash
       run: |         
          jf c use OSS-check
          jf rt ping
          full_image="${{ inputs.image}}"
          echo "Pulling $full_image"
          jfrog docker pull $full_image

[yahavi]

@Jiri-Stary
Setup JFrog CLI version 3.5.1 has been released, incorporating a fix for this issue. Feel free to continue using the v3 version to access the latest updates.

Your feedback on this is valuable to us.

[Jiri-Stary]

@yahavi

still getting the same issue

• weirdly i see both 3.5.0 and 3.5.1 version in the logs

2024-01-18T15:27:34.9411512Z ##[debug]Register post job cleanup for action: jfrog/[email protected]
2024-01-18T15:27:34.9419712Z ##[debug]Loading inputs
2024-01-18T15:27:34.9421674Z ##[debug]Loading env
2024-01-18T15:27:34.9426640Z ##[group]Run jfrog/[email protected]
2024-01-18T15:27:34.9426989Z with:
2024-01-18T15:27:34.9427210Z version: 2.51.1
2024-01-18T15:27:34.9427451Z env:
2024-01-18T15:27:34.9427711Z USER: ***
2024-01-18T15:27:34.9428212Z PASS: ***
2024-01-18T15:27:34.9428606Z REPO: ****
2024-01-18T15:27:34.9429120Z JF_URL: *****
2024-01-18T15:27:34.9429484Z DOCKER_METADATA_OUTPUT_VERSION: main
2024-01-18T15:27:34.9430204Z DOCKER_METADATA_OUTPUT_TAGS: *********
2024-01-18T15:27:34.9435596Z DOCKER_METADATA_OUTPUT_LABELS: *******
2024-01-18T15:27:34.9443283Z DOCKER_METADATA_OUTPUT_ANNOTATIONS: *************
2024-01-18T15:27:34.9453863Z DOCKER_METADATA_OUTPUT_JSON: ********
2024-01-18T15:27:34.9466998Z DOCKER_METADATA_OUTPUT_BAKE_FILE: /home/runner/work/temp/docker-actions-toolkit-jhZTBG/docker-metadata-action-bake.json
2024-01-18T15:27:34.9467687Z ##[endgroup]
2024-01-18T15:27:35.0677863Z ::group::Setup JFrog CLI
2024-01-18T15:27:35.0678212Z ##[group]Setup JFrog CLI
2024-01-18T15:27:35.0694519Z The JFrog platform credentials were not configured. Obtaining an access token through OpenID Connect.
2024-01-18T15:27:35.0695764Z ##[debug]Fetching JSON web token
2024-01-18T15:27:35.0698863Z ##[debug]ID token url is https://pipelinesghubeus26.actions.githubusercontent.com/k75H1DBAfn7O6Mo0TRQmb014cDWVwCbkrZ6RY4JoockeD1mW9W/00000000-0000-0000-0000-000000000000/_apis/distributedtask/hubs/Actions/plans/a71d2b71-f44c-4e99-8dc3-b37e429fcccc/jobs/6604c111-019b-5ed5-ae03-3fa9f8925512/idtoken?api-version=2.0
2024-01-18T15:27:35.1359085Z ::add-mask::***
2024-01-18T15:27:35.1361561Z ##[debug]Exchanging JSON web token with an access token
2024-01-18T15:27:35.1398098Z ##[error]Exchanging JSON web token with an access token failed: Input required and not supplied: oidc-provider-name
2024-01-18T15:27:35.1399810Z ::endgroup::
2024-01-18T15:27:35.1400251Z ##[endgroup]
2024-01-18T15:27:35.1458846Z ##[debug]Node Action run completed with exit code 1
2024-01-18T15:27:35.1461926Z ##[debug]JFROG_CLI_ENV_EXCLUDE='password;secret;key;token;auth;JF_ARTIFACTORY;JF_ENV_;JF_URL;JF_USER;JF_PASSWORD;JF_ACCESS_TOKEN'
2024-01-18T15:27:35.1462893Z ##[debug]JFROG_CLI_OFFER_CONFIG='false'
2024-01-18T15:27:35.1463378Z ##[debug]JFROG_CLI_BUILD_NAME='goldenfrog-demo'
2024-01-18T15:27:35.1463865Z ##[debug]JFROG_CLI_BUILD_NUMBER='56'
2024-01-18T15:27:35.1464747Z ##[debug]JFROG_CLI_BUILD_URL=''
2024-01-18T15:27:35.1465775Z ##[debug]JFROG_CLI_USER_AGENT='setup-jfrog-cli-github-action/3.5.0'

[yahavi]

@Jiri-Stary
Appreciate your valuable feedback.

Do you happen to know the origin of the JF_URL environment variable? I couldn't spot it in your workflow. Taking it out or changing its name in your environment could be a possible workaround.
Additionally, by any chance, have you set the id-token: write permission in your workflow?

Also, does this issue occur in the latest 3.5.2 version?

Thanks.

[Jiri-Stary]

@yahavi

no, the issue did not get fixed by 3.5.2.
Still getting the issue

Exchanging JSON web token with an access token failed: Input required and not supplied: oidc-provider-name

There was a new warning after

Could not find JFrog CLI version '2.51.1' in tool cache

JF_URL is not set as i run this part of the code inside its own action, where it is not passed from parent workflow. I am using directly the hardcoded url

jf c add OSS-check --url='https://mckinsey.jfrog.io/' --user=${{ inputs.ARTIFACTORY_USER }} --password=${{ inputs.ARTIFACTORY_PASS }} --interactive=false --overwrite=true

Yes , I do have these permissions

permissions:
actions: read
contents: write
id-token: write
packages: write
pull-requests: write
checks: read

[Jiri-Stary]

tried adding JF_URL to setup command but no change

• uses: jfrog/setup-jfrog-cli@v3
  env:
  JF_URL: my-url

[yahavi]

Thanks, @Jiri-Stary.
We've initiated a pull request at #125 to address this issue.
Will make sure to keep you posted.

[yahavi]

Hey @Jiri-Stary,
JFrog CLI v3.5.3 is out now!
This release comes with the fix for the mentioned issue. Feel free to stick with the v3 tag for the latest updates.

We'd appreciate your feedback on that!