GitHub Actions OIDC Integration Workflow

JFrog Platform Administration Documentation

Content Type
Administration / Platform

The following diagram provides the workflow of GitHub Action OIDC Integration with JFrog Platform.

  1. GitHub Actions Workflow requests for an ID token from the GitHub OIDC Provider when it encounters a connection to the JFrog Platform.

  2. GitHub OIDC Provider generates an ID token that contains multiple claims to establish a security-hardened and verifiable identity about the specific workflow that is trying to authenticate.

  3. The workflow sends the ID token to the JFrog Platform where JFrog Access processes the request.

  4. JFrog Access verifies the ID Token from GitHub by utilizing a certificate supplied from GitHub's JSON Web Key (JWK).

  5. JFrog Access validates claims in the ID token, the scope of the audience, and generates a short-lived access token that is available only for the duration that was configured when created the identity mapping.

  6. JFrog Access sends the access token to the GitHub Action Workflow to successfully validate the operation that involves the JFrog Platform.