* Update gitops-abac.md
* Update oidc-pipelines.md
  Partial implementation of feedback from Daniel Soifer
* Update oidc-pipelines.md
* Update screenshots
  Blurred all details in screenshots
* Update screenshots
* Update oidc-pipelines.md
  Implemented more feedback from Daniel S
* Update add-cf-identity-provider.png
* Update oidc-pipelines.md
* Update oidc-pipelines.md
_docs/integrations/oidc-pipelines.md
Lines changed: 19 additions & 6 deletions
@@ -186,23 +186,36 @@ max-width="60%"
186
186
%}
187
187
188
188
189
+
189
190
**What does the`obtain-oidc-id-token` Marketplace step do?**
190
191
191
192
The step:
192
193
193
-
1. Makes an API call to the Codefresh OIDC provider passing the`CF_OIDC_REQUEST_TOKEN` and the`CF_OIDC_REQUEST_URL`.
194
-
<!--- These two variables are injected into each build of the pipeline.-->
194
+
1. Makes an API call to the Codefresh OIDC provider passing the`CF_OIDC_REQUEST_TOKEN` and the`CF_OIDC_REQUEST_URL` variables.
195
+
196
+
>**NOTE**:
197
+
Codefresh injects these two variables for every pipeline build, ensuring their availability for use, regardless of the cloud provider's authentication mechanism, whether it's OIDC ID tokens or static credentials.
*`CF_OIDC_REQUEST_TOKEN` isa Codefreshaccess token used to request the OIDC ID token for the OIDC provider.
199
-
*`CF_OIDC_REQUEST_URL` is the URL from which the ID token is requested.
203
+
*`CF_OIDC_REQUEST_TOKEN` isanaccess token used to request the OIDC ID token for the OIDC provider.
204
+
*`CF_OIDC_REQUEST_URL` is the URL from whichto requestthe ID token.
200
205
206
+
You can also insert the`curl` command as an API call in a freestyle step to get the same result.
207
+
208
+
{:start="2"}
201
209
1. Sets the ID token in the`ID_TOKEN` environment variable.
202
210
You can use this environment variable in subsequent steps within the same pipeline.
203
211
204
-
>**Use API call in freestyle step**
205
-
You can also insert the`curl` command in a freestyle step to get the same result.
212
+
<br>
213
+
214
+
**Requesting new OIDC ID tokens during build**
215
+
* OIDC ID tokens expire after five minutes. If needed, you can request new OIDC ID tokens multiple times within the same pipeline, through the`obtain-oidc-id-token` step, or within a`freestyle` step with an API call.
216
+
217
+
* The`CF_OIDC_REQUEST_TOKEN` variable with the request token remains valid for the duration of the pipeline build. This restriction maintains security as requests for new OIDC tokens are limited to the build’s lifecycle.
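Review bot: In the last added bullet, "This restriction" has no antecedent, because the sentence before it says the `CF_OIDC_REQUEST_TOKEN` "remains valid for the duration of the pipeline build", which reads as a grant rather than a limit. Suggest stating the limit directly, for example "is valid only for the duration of the pipeline build, so new OIDC ID tokens cannot be requested after the build ends". Since the added NOTE says Codefresh injects the request token into every build, including builds that use static credentials, and this section says it can be used to request new ID tokens repeatedly for the whole build, the page would also benefit from one sentence telling readers to keep `CF_OIDC_REQUEST_TOKEN` and `ID_TOKEN` out of build logs, especially next to the relocated line about calling the API with `curl` from a freestyle step.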