From 61f71d536b7e5e0fb836b326b421d199f71cffae Mon Sep 17 00:00:00 2001 From: Nat Budin Date: Mon, 8 Jun 2026 21:25:17 -0700 Subject: [PATCH] Handle raw token response from Fly OIDC endpoint The endpoint returns the JWT token as a bare string, not wrapped in {"token":"..."} JSON. python3 was failing to parse it as JSON and exiting non-zero. Now try JSON first; fall back to treating the whole response as the token value. Co-Authored-By: Claude Sonnet 4.6 --- bin/entrypoint.sh | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/bin/entrypoint.sh b/bin/entrypoint.sh index ca360c9d77..d6eaae8a76 100755 --- a/bin/entrypoint.sh +++ b/bin/entrypoint.sh @@ -24,12 +24,19 @@ if [ -n "$CHAMBER_SERVICE" ]; then echo "ERROR: Fly OIDC endpoint returned empty response (connection failure or permission denied on /.fly/api)" >&2 exit 1 fi - echo "$OIDC_RESPONSE" \ - | python3 -c "import sys,json; print(json.load(sys.stdin)['token'],end='')" \ - > "$TOKEN_FILE" || { - echo "ERROR: Failed to parse OIDC token. Response was: $OIDC_RESPONSE" >&2 - exit 1 - } + # The endpoint may return {"token":"..."} JSON or a raw token string. + OIDC_TOKEN=$(echo "$OIDC_RESPONSE" | python3 -c " +import sys, json +data = sys.stdin.read().strip() +try: + print(json.loads(data)['token'], end='') +except (json.JSONDecodeError, KeyError): + print(data, end='') +") || { + echo "ERROR: Failed to extract OIDC token. Response was: $OIDC_RESPONSE" >&2 + exit 1 + } + echo -n "$OIDC_TOKEN" > "$TOKEN_FILE" chown www:www "$TOKEN_FILE" export AWS_ROLE_ARN="$CHAMBER_AWS_ROLE_ARN" export AWS_WEB_IDENTITY_TOKEN_FILE="$TOKEN_FILE"