When configuring OIDC authentication in Artifactory using the default GitHub provider, the request fails with a 400 Bad Request error in the logs.
Error Message in GitHub Actions
Exchanging JSON web token with an access token failed: [{"code":"BAD_REQUEST","message":"Invalid issuer URL : token=https://token.actions.githubusercontent.com expected=https://token.actions.githubusercontent.com/.well-known/jwks"}] Cause
The error indicates that the issuer URL extracted from the GitHub token does not match the expected default issuer URL. Artifactory expects the issuer to include the .well-known/jwks path, but the token does not provide it.
Solution
To resolve this issue, manually configure the OIDC integration as a Generic OpenID Connect provider instead of using the default GitHub provider with the following ProviderURL and Token issuer.
Steps to Fix:
1. Go to Administration > General Management > Manage Integrations
2. Select New Integration
3. Choose OpenID Connect as the provider type
4. Set the following values:
Provider URL: https://token.actions.githubusercontent.com
Token Issuer: https://token.actions.githubusercontent.com
5. Save the configuration and test authentication.