debug: add OIDC token claims logging to diagnose CI failure

Mohitsharma44 · Mohitsharma44 · commit fb79fe7232d1 · 2026-02-11T22:36:04.000-08:00
diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml
@@ -26,6 +26,11 @@ jobs:
     if: github.event_name == 'pull_request'
 
     steps:
+      - name: Debug OIDC Token
+        run: |
+          IDTOKEN=$(curl -sS -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" "$ACTIONS_ID_TOKEN_REQUEST_URL&audience=sts.amazonaws.com" | jq -r '.value')
+          echo "$IDTOKEN" | cut -d. -f2 | base64 -d 2>/dev/null | jq '{sub, aud, iss, ref, repository}' || true
+
       - name: Checkout repository
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
