diff --git a/provider/assume-role/assume-role.go b/provider/assume-role/assume-role.go
index 1986035..d667116 100644
--- a/provider/assume-role/assume-role.go
+++ b/provider/assume-role/assume-role.go
@@ -2,8 +2,6 @@ package assumerole
 
 import (
 "context"
- "crypto/sha256"
- "encoding/hex"
 "encoding/json"
 "errors"
 "fmt"
@@ -81,21 +79,20 @@ func NewHandler() *Handler {
 }
 
 type requestBody struct {
- GitHubToken string `json:"github_token"`
- IDToken string `json:"id_token"`
- RoleToAssume string `json:"role_to_assume"`
- RoleSessionName string `json:"role_session_name"`
- DurationSeconds int32 `json:"duration_seconds"`
- Repository string `json:"repository"`
- UseNodeID bool `json:"use_node_id"`
- ObfuscateRepository string `json:"obfuscate_repository"`
- APIURL string `json:"api_url"`
- SHA string `json:"sha"`
- RoleSessionTagging bool `json:"role_session_tagging"`
- RunID string `json:"run_id"`
- Workflow string `json:"workflow"`
- Actor string `json:"actor"`
- Branch string `json:"branch"`
+ GitHubToken string `json:"github_token"`
+ IDToken string `json:"id_token"`
+ RoleToAssume string `json:"role_to_assume"`
+ RoleSessionName string `json:"role_session_name"`
+ DurationSeconds int32 `json:"duration_seconds"`
+ Repository string `json:"repository"`
+ UseNodeID bool `json:"use_node_id"`
+ APIURL string `json:"api_url"`
+ SHA string `json:"sha"`
+ RoleSessionTagging bool `json:"role_session_tagging"`
+ RunID string `json:"run_id"`
+ Workflow string `json:"workflow"`
+ Actor string `json:"actor"`
+ Branch string `json:"branch"`
 }
 
 type responseBody struct {
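Review bot: Dropping ObfuscateRepository from requestBody means a caller that still sends `obfuscate_repository: "sha256"` is no longer rejected: encoding/json ignores unknown fields unless the decoder sets DisallowUnknownFields, so the request proceeds and the assumeRole hunk below sets ExternalId to the plain repository name instead of the `sha256:` value the old code produced. A trust policy written for the hashed external ID then fails at STS with AccessDenied rather than with the validation error the removed default branch returned, which is a hard-to-diagnose failure for existing workflows. If the removal is intentional, keeping the field as a deprecated input and rejecting any non-empty value makes the failure explicit: `if req.ObfuscateRepository != "" { return nil, &validationError{message: "obfuscate_repository is no longer supported"} }`. The same point applies to the assumeRole hunk; the request decoder is outside this diff, so whether unknown fields are rejected there should be confirmed before relying on that.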
@@ -520,17 +517,7 @@ func (h *Handler) assumeRole(ctx context.Context, nextIDFormat bool, idToken *gi
 if req.UseNodeID {
 input.ExternalId = aws.String(repo.NodeID)
 } else {
- switch req.ObfuscateRepository {
- case "sha256":
- hash := sha256.Sum256([]byte(req.Repository))
- input.ExternalId = aws.String("sha256:" + hex.EncodeToString(hash[:]))
- case "":
- input.ExternalId = aws.String(req.Repository)
- default:
- return nil, &validationError{
- message: fmt.Sprintf("invalid obfuscate repository type: %s", req.ObfuscateRepository),
- }
- }
+ input.ExternalId = aws.String(req.Repository)
 }
 input.DurationSeconds = aws.Int32(req.DurationSeconds)
 resp, err := h.sts.AssumeRole(ctx, &input)
diff --git a/provider/assume-role/assume-role_test.go b/provider/assume-role/assume-role_test.go
index 71f3563..c2d3c39 100644
--- a/provider/assume-role/assume-role_test.go
+++ b/provider/assume-role/assume-role_test.go
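Review bot: The new else branch passes req.Repository straight through as the STS ExternalId without a comment saying what the value is or that the role's trust policy must match it exactly, which the removed switch used to make obvious by contrast. A one-line comment above the assignment would keep that intent visible: `// ExternalId is the plain repository name (e.g. "owner/repo"); the role's trust policy must match it exactly.` assumeRole begins and ends outside this hunk, so whether req.Repository is validated before reaching this point cannot be seen here.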
@@ -339,54 +339,6 @@ func TestAssumeRole_UseNodeID(t *testing.T) {
 }
 }
 
-func TestAssumeRole_ObfuscateRepository(t *testing.T) {
- h := &Handler{
- github: &githubClientMock{
- GetRepoFunc: dummyGetRepoFunc,
- GetUserFunc: dummyGetUserFunc,
- ValidateAPIURLFunc: func(url string) error {
- return nil
- },
- },
- sts: &stsClientMock{
- AssumeRoleFunc: func(ctx context.Context, params *sts.AssumeRoleInput, optFns ...func(*sts.Options)) (*sts.AssumeRoleOutput, error) {
- if params.ExternalId == nil {
- return nil, errAccessDenied
- }
- if got, want := aws.ToString(params.ExternalId), "sha256:339c2238399e1150eb8d76a7a74cfd92448d347dc4212bad33a4978edfc455e0"; want != got {
- t.Errorf("unexpected external id: want %q, got %q", want, got)
- return nil, errAccessDenied
- }
- return &sts.AssumeRoleOutput{
- Credentials: &types.Credentials{
- AccessKeyId: aws.String("AKIAIOSFODNN7EXAMPLE"),
- SecretAccessKey: aws.String("wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"),
- SessionToken: aws.String("session-token"),
- },
- }, nil
- },
- },
- }
- resp, err := h.assumeRole(context.Background(), false, nil, &requestBody{
- RoleToAssume: "arn:aws:iam::123456789012:role/assume-role-test",
- RoleSessionName: "GitHubActions",
- Repository: "fuller-inc/actions-aws-assume-role",
- ObfuscateRepository: "sha256",
- })
- if err != nil {
- t.Fatal(err)
- }
- if resp.AccessKeyId != "AKIAIOSFODNN7EXAMPLE" {
- t.Errorf("want %q, got %q", "AKIAIOSFODNN7EXAMPLE", resp.AccessKeyId)
- }
- if resp.SecretAccessKey != "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" {
- t.Errorf("want %q, got %q", "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY", resp.SecretAccessKey)
- }
- if resp.SessionToken != "session-token" {
- t.Errorf("want %q, got %q", "session-token", resp.SessionToken)
- }
-}
-
 func TestSanitizeTagValue(t *testing.T) {
 cases := []struct {
 input string