Hi I m having an issue trying to using pulumi auth actions w Pulumi Community #general

Hi, I'm having an issue trying to using pulumi/aut...

delightful-winter-67113

06/10/2025, 10:20 PM

Hi, I'm having an issue trying to using pulumi/auth-actions with GitHub. I get the following error:

Copy code

Error: Invalid response from token exchange 400: Bad Request (invalid_request: validation error: invalid token: upstream error: fetching oidc issuer signing key upstream error: invalid certificate thumprint on OIDC provider response)

When I try to go to the dashboard OIDC Issuers it returns a 404 so I can't try to recreate the issuer to try to fix

happy-napkin-59884

06/10/2025, 10:33 PM

same here all CI pipelines down

happy-napkin-59884

06/10/2025, 10:33 PM

just started happening now.

happy-napkin-59884

06/10/2025, 10:44 PM

but i dont get 404 on the oidc issuer page on the dashboard, just the error on github actions.

delightful-winter-67113

06/10/2025, 10:48 PM

Strange, yea i still get 404 trying to access the oidc issuers page. for now im just using the access token in github to at least get the ci/cd to work again

happy-napkin-59884

06/10/2025, 10:57 PM

for anyone else, to be ready when OIDC goes down these snippets help:

Copy code

env:
      PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}

Copy code

- name: Authenticate Pulumi Cloud
        if: ${{ !env.PULUMI_ACCESS_TOKEN }}
        uses: pulumi/auth-actions@v1

Then simply set or delete the the secret when pulumi oidc goes up or down, no further need to change workflow

delightful-winter-67113

06/11/2025, 3:35 PM

Resetting the thumbprints for the oidc issuer in the pulumi dashboard solved the issue

happy-napkin-59884

06/11/2025, 3:57 PM

yes that works, thank you.

able-market-62580

06/11/2025, 4:24 PM

@delightful-winter-67113 the 404 is caused by your email not being verified. Seems that you recently set your login with username and password. Let me know if you need help with that, I believe you should have received an email with the link to verify it

able-market-62580

06/11/2025, 4:26 PM

oidc exchange error was caused by github performing a certificate rotation. We updated all the thumbprints to match the new certificate and we are evaluating how to handle it better. If by chance it happens with other providers, you can regenerate the thumbprints from the issuers list (click on

...

and there is an action un the dropdown)

delightful-winter-67113

06/11/2025, 6:36 PM

Thanks! verified email and was able to get everything working

able-market-62580

06/11/2025, 6:45 PM

awesome!

5 Views

Open in Slack

Previous Next