From 13cc38b5141ffc86973a22536a8c85e0eee38dbe Mon Sep 17 00:00:00 2001 From: MoChilia Date: Wed, 24 May 2023 14:32:30 +0800 Subject: [PATCH 1/4] enable OIDC for sovereign clouds --- src/main.ts | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/src/main.ts b/src/main.ts index 13ebea0cb..41af5f098 100644 --- a/src/main.ts +++ b/src/main.ts @@ -95,7 +95,7 @@ async function main() { throw new Error("Credentials are not passed for Login action."); } } - //generic checks + //generic checks //servicePrincipalKey is only required in non-oidc scenario. if (!servicePrincipalId || !tenantId || !(servicePrincipalKey || enableOIDC)) { throw new Error("Not all values are present in the credentials. Ensure clientId, clientSecret and tenantId are supplied."); @@ -115,14 +115,15 @@ async function main() { let audience = core.getInput('audience', { required: false }); federatedToken = await core.getIDToken(audience); if (!!federatedToken) { - if (environment != "azurecloud") - throw new Error(`Your current environment - "${environment}" is not supported for OIDC login.`); let [issuer, subjectClaim] = await jwtParser(federatedToken); console.log("Federated token details: \n issuer - " + issuer + " \n subject claim - " + subjectClaim); } + else{ + throw new Error("Failed to fetch federated token."); + } } catch (error) { - core.error(`${error.message.split(':')[1]}. Please make sure to give write permissions to id-token in the workflow.`); + core.error(`${error}. Please make sure to give write permissions to id-token in the workflow.`); } } From ae34beef2518f3f8eaa133164094ea7910cfa150 Mon Sep 17 00:00:00 2001 From: Shiying Chen Date: Wed, 24 May 2023 15:26:52 +0800 Subject: [PATCH 2/4] Update README.md --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 3d6fc6840..fd32b8719 100644 --- a/README.md +++ b/README.md 
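Review bot: The added `else{ throw new Error("Failed to fetch federated token."); }` sits inside the same `try`, so the unchanged `catch (error)` below it intercepts that throw, logs it through `core.error` with the id-token-permission hint appended, and lets the rest of `main()` continue with `federatedToken` undefined, because `core.error` annotates the log but does not fail the step. A missing token is therefore reported with a misleading message and surfaces only later, wherever the undefined token is consumed. Either rethrow from the catch, `core.error(...); throw error;`, or move the `if (!!federatedToken)` / `else` check after the try/catch so the throw is not swallowed. The enclosing `main()` starts and ends outside this hunk; the first hunk of this patch only changes whitespace on the `//generic checks` line.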
@@ -23,7 +23,6 @@ With the [Azure Login](https://github.com/Azure/login/blob/master/action.yml) Ac Note: - Ensure the CLI version is 2.30 or above to use OIDC support. -- OIDC support in Azure is supported only for public clouds. Support for other clouds like Government clouds, Azure Stacks would be added soon. - By default, Azure access tokens issued during OIDC based login could have limited validity. Azure access token issued by AD App (Service Principal) is expected to have an expiration of 1 hour by default. And with Managed Identities, it would be 24 hrs. This expiration time is further configurable in Azure. Refger to [access-token lifetime](https://learn.microsoft.com/en-us/azure/active-directory/develop/access-tokens#access-token-lifetime) for more details. ## Sample workflow that uses Azure login action to run az cli From b1db778a6a42d78523df7d27a6b6b3a8ec07f6df Mon Sep 17 00:00:00 2001 From: MoChilia Date: Wed, 24 May 2023 16:44:24 +0800 Subject: [PATCH 3/4] change error handling method --- src/main.ts | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/src/main.ts b/src/main.ts index 41af5f098..4ac6365f6 100644 --- a/src/main.ts +++ b/src/main.ts 
@@ -110,20 +110,20 @@ async function main() { // OIDC specific checks if (enableOIDC) { console.log('Using OIDC authentication...') - try { - //generating ID-token - let audience = core.getInput('audience', { required: false }); + //generating ID-token + let audience = core.getInput('audience', { required: false }); + try{ federatedToken = await core.getIDToken(audience); - if (!!federatedToken) { - let [issuer, subjectClaim] = await jwtParser(federatedToken); - console.log("Federated token details: \n issuer - " + issuer + " \n subject claim - " + subjectClaim); - } - else{ - throw new Error("Failed to fetch federated token."); - } } catch (error) { - core.error(`${error}. Please make sure to give write permissions to id-token in the workflow.`); + throw new Error(`${error.message.split(':')[1]}. Please make sure to give write permissions to id-token in the workflow.`); + } + if (!!federatedToken) { + let [issuer, subjectClaim] = await jwtParser(federatedToken); + console.log("Federated token details: \n issuer - " + issuer + " \n subject claim - " + subjectClaim); + } + else{ + throw new Error("Failed to fetch federated token."); } } From ddfe2f4c731f0334354229f129700acf35d5f3a1 Mon Sep 17 00:00:00 2001 From: MoChilia Date: Wed, 24 May 2023 17:14:24 +0800 Subject: [PATCH 4/4] update --- src/main.ts | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/main.ts b/src/main.ts index 4ac6365f6..4dc0804d3 100644 --- a/src/main.ts +++ b/src/main.ts @@ -116,7 +116,8 @@ async function main() { federatedToken = await core.getIDToken(audience); } catch (error) { - throw new Error(`${error.message.split(':')[1]}. Please make sure to give write permissions to id-token in the workflow.`); + core.error(`Please make sure to give write permissions to id-token in the workflow.`); + throw error; } if (!!federatedToken) { let [issuer, subjectClaim] = await jwtParser(federatedToken);
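Review bot: `let [issuer, subjectClaim]` is never reassigned and `if (!!federatedToken)` double-negates a value that is already being tested for truthiness, so the moved block reads more cleanly as `if (federatedToken) {` with `const [issuer, subjectClaim] = await jwtParser(federatedToken);`, and `try{` / `else{` should be spaced as `try {` / `else {` to match the `} catch (error) {` on the same hunk. Moving the `if`/`else` out of the `try` is the right fix for the previously swallowed throw, since the `else` branch now propagates instead of being logged and ignored. The rewrapped `error.message.split(':')[1]` in the new catch yields `undefined` when the message has no colon and discards the original error and stack; the next patch in this series (ddfe2f4) replaces that line with `core.error(...)` followed by `throw error;`, which keeps the original error intact. The enclosing `main()` starts and ends outside this hunk.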