Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Some observations:

* it seems your package.json is still from an old iteration: https://github.com/saml-to/assume-aws-role-action/blob/main/...

* it was super opaque where this relative import comes from: https://github.com/saml-to/assume-aws-role-action/blob/main/... but after some sniffing around, it seems to be some openapi generation magick https://github.com/saml-to/assume-aws-role-action/blob/main/... against one of your own API endpoints https://github.com/saml-to/assume-aws-role-action/blob/main/... which seems to mean that using this toy is not "self contained" in the way that `sts:AssumeRoleWithWebIdentity` is



Thanks mdaniel for your observations!

I updated package.json!

On the note of the API endpoint. Yes that's correct, I've fashioned a backend API which handles converting of GitHub Repo Tokens to SAML Assertions: https://sso.saml.to/github/swagger.html#/IDP/AssumeRoleForRe...

And providing a static endpoint for SAML Metadata: https://saml.to/metadata

That being said, you're making my brain click a little bit and this could be converted into a "self contained" toy, with some additional work! The biggest piece of the puzzle is a consistent private key and certificate.

If that is of interest to you, could you create a GitHub Issue as a feature request?

Thanks!




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: