Sync eng/common directory with azure-sdk-tools for PR 13875 #45038

Open: azure-sdk wants to merge 1 commit into main from sync-eng/common-FixGithubLogin-13875

@azure-sdk (Collaborator)

Sync eng/common directory with azure-sdk-tools for PR Azure/azure-sdk-tools#13875. See eng/common workflow.

 The eng/common/scripts/login-to-github.ps1 script was failing because it was using the standard Base64 encoded
  signature returned by Azure Key Vault directly in the JWT, instead of converting it to Base64URL format (which
  replaces + with -, / with _, and removes trailing =).

  I have fixed the script by adding the necessary character replacements and also added a 10-second clock skew buffer
  to the iat (issued at) claim to ensure validity.

  The script now runs successfully and logs in as azure-sdk-automation[bot].

  Changes made:

   - Modified eng/common/scripts/login-to-github.ps1:
    - Converted the signature from Azure Key Vault to Base64URL format.
    - Subtracted 10 seconds from the iat claim to account for potential clock skew.

  Verification:

   - Ran the script and confirmed it successfully resolved the installation ID for "Azure" and obtained an access
  token.
   - gh auth status output confirms successful login.
azure-sdk requested a review from a team as a code owner February 5, 2026 18:02
azure-sdk added the EngSys and Central-EngSys labels Feb 5, 2026
Copilot AI (Contributor) left a comment

Pull request overview

This PR syncs the eng/common directory with azure-sdk-tools PR #13875, updating the GitHub authentication script to fix JWT token generation issues.

Changes:

  • Refactored Base64UrlEncode function to handle both raw strings and pre-encoded base64 strings
  • Added 10-second clock skew tolerance to JWT issued-at timestamp
  • Fixed signature encoding to properly handle Azure Key Vault's base64-encoded signature output
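
The encoding problem discussed in this thread, as an added example that is not the code from login-to-github.ps1 or from the PR: a JWT assembled with a signature left in standard Base64, next to the same token with the signature re-encoded as Base64URL and `iat` backdated by 10 seconds. The function names, the App ID, the 540-second lifetime and the signature bytes are assumptions made for this sketch; the signature is a constructed stand-in, not output from Azure Key Vault.

```powershell
# Added example; names and sample values are illustrative, not taken from login-to-github.ps1.

function ConvertTo-Base64Url {
    # Standard Base64 -> Base64URL: strip trailing '=', then '+' -> '-' and '/' -> '_'.
    param([Parameter(Mandatory)][string]$Base64)
    return $Base64.TrimEnd('=').Replace('+', '-').Replace('/', '_')
}

function ConvertTo-Base64UrlFromText {
    # UTF-8 encode raw text (header or payload JSON), then Base64URL encode it.
    param([Parameter(Mandatory)][string]$Text)
    $bytes = [System.Text.Encoding]::UTF8.GetBytes($Text)
    return ConvertTo-Base64Url ([Convert]::ToBase64String($bytes))
}

function New-UnsignedJwt {
    # Builds "<header>.<payload>", the string that is handed to the signing service.
    param([Parameter(Mandatory)][string]$AppId, [int]$SkewSeconds = 10, [int]$LifetimeSeconds = 540)
    $now = [DateTimeOffset]::UtcNow.ToUnixTimeSeconds()
    $header = [ordered]@{ alg = 'RS256'; typ = 'JWT' } | ConvertTo-Json -Compress
    $payload = [ordered]@{
        iat = $now - $SkewSeconds      # backdated so a verifier with a slower clock accepts it
        exp = $now + $LifetimeSeconds  # assumed lifetime for this sketch
        iss = $AppId
    } | ConvertTo-Json -Compress
    return "$(ConvertTo-Base64UrlFromText $header).$(ConvertTo-Base64UrlFromText $payload)"
}

function Test-JwtSegmentAlphabet {
    # True only if the token has three segments and each uses the Base64URL alphabet.
    param([Parameter(Mandatory)][string]$Jwt)
    $parts = $Jwt.Split('.')
    return ($parts.Count -eq 3) -and -not ($parts | Where-Object { $_ -notmatch '^[A-Za-z0-9_-]+$' })
}

# Constructed signature bytes, chosen so their standard Base64 form contains '+', '/' and '='.
$signatureB64 = [Convert]::ToBase64String([byte[]](0xfb, 0xff, 0xbe, 0x3e, 0x3f, 0x01, 0x7f))

$unsigned = New-UnsignedJwt -AppId '123456'   # placeholder App ID
$before = "$unsigned.$signatureB64"                          # signature used as returned
$after  = "$unsigned.$(ConvertTo-Base64Url $signatureB64)"   # signature re-encoded

[pscustomobject]@{
    SignatureAsReturned = $signatureB64
    SignatureBase64Url  = ConvertTo-Base64Url $signatureB64
    BeforeIsValidShape  = Test-JwtSegmentAlphabet $before
    AfterIsValidShape   = Test-JwtSegmentAlphabet $after
} | Format-List
```

`Test-JwtSegmentAlphabet` checks only the shape of the token, so it can serve as a pre-flight check before the token is sent; it does not verify the signature.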
