Add link to OIDC claim debugger (#49738)

Co-authored-by: hubwriter <hubwriter@github.com>
Joshuacobarrubia · Apr 16, 2024 · aa96d52 · aa96d52
1 parent e9511cb
commit aa96d52
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/...rity-hardening-your-deployments/about-security-hardening-with-openid-connect.md b/...rity-hardening-your-deployments/about-security-hardening-with-openid-connect.md
@@ -250,8 +250,6 @@ curl -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" "$ACTIONS_ID_TOK
 
 {% data reusables.actions.oidc-permissions-token %}
 
-{% ifversion actions-oidc-hardening-config %}
-
 ## Customizing the token claims
 
 You can security harden your OIDC configuration by customizing the claims that are included with the JWT. These customizations allow you to define more granular trust conditions on your cloud roles when allowing your workflows to access resources hosted in the cloud:
@@ -476,8 +474,6 @@ To configure the repository to use the organization's template, a repository adm
 }
 ```
 
-{% endif %}
-
 ## Updating your workflows for OIDC
 
 You can now update your YAML workflows to use OIDC access tokens instead of secrets. Popular cloud providers have published their official login actions that make it easy for you to get started with OIDC. For more information about updating your workflows, see the cloud-specific guides listed below in "[Enabling OpenID Connect for your cloud provider](#enabling-openid-connect-for-your-cloud-provider)."
@@ -502,3 +498,7 @@ To enable and configure OIDC for your specific cloud provider, see the following
 To enable and configure OIDC for another cloud provider, see the following guide:
 
 - "[AUTOTITLE](/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-cloud-providers)"
+
+## Debugging your OIDC claims
+
+You can use the [`github/actions-oidc-debugger`](https://github.com/github/actions-oidc-debugger) action to visualize the claims that would be sent, before integrating with a cloud provider. This action requests a JWT and prints the claims included within the JWT that were received from {% data variables.product.prodname_actions %}.