-
Notifications
You must be signed in to change notification settings - Fork 59.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Remove id-token: read
from available permissions
#34306
Conversation
@janbrasna Thanks so much for opening a PR! I'll get this triaged for review ✨ |
Thanks for opening a pull request! We've triaged this issue for technical review by a subject matter expert 👀 |
Co-authored-by: Josh Gross <joshmgross@github.com>
Thanks for this contribution @janbrasna! I'll go ahead and merge this. |
Thanks very much for contributing! Your pull request has been merged 🎉 You should see your changes appear on the site in approximately 24 hours. If you're looking for your next contribution, check out our help wanted issues ⚡ |
There are confusions about what
id-token: read
means:token-id
permission options #26481id-token
permission #14626This aims to remove any ambiguity about the actual meaning of the values.
Why:
Closes: #33483
What's being changed (if available, include any code snippets, screenshots, or gifs):
Removes value not available to be set as per schema: https://github.com/actions/languageservices/blob/83bddd3332cb4dc988ded6784719527765619404/workflow-parser/src/workflow-v1.0.json#L1538-L1541
Also explains that write permission doesn't grant any write access to any resource, only to (request and) set the actual jwt for further consumption.
Check off the following:
I have reviewed my changes in staging, available via the View deployment link in this PR's timeline (this link will be available after opening the PR).
data
directory.For content changes, I have completed the self-review checklist.