From 57e235ef5d76bf47b1809621dc232e7a4dc8305b Mon Sep 17 00:00:00 2001
From: Vasil Sudakou
Date: Wed, 18 Jun 2025 18:18:26 +0400
Subject: [PATCH] draft: add TTL parameter
---
 incubating/obtain-oidc-id-token/step.yaml | 30 ++++++++++++++++++++++-
 1 file changed, 29 insertions(+), 1 deletion(-)
diff --git a/incubating/obtain-oidc-id-token/step.yaml b/incubating/obtain-oidc-id-token/step.yaml
index c4abae685..7589eb7b8 100644
--- a/incubating/obtain-oidc-id-token/step.yaml
+++ b/incubating/obtain-oidc-id-token/step.yaml
@@ -1,7 +1,7 @@
 version: '1.0'
 kind: step-type
 metadata:
- version: 1.2.3
+ version: 1.3.0
 name: obtain-oidc-id-token
 description: >-
 Obtain ID token from Codefresh OIDC Provider
@@ -84,6 +84,10 @@ spec:
 "AUDIENCE": {
 "type": "string",
 "description": "the audience of the ID token. For multiple audiences, use a comma-separated list. Defaults to the address of the Codefresh platform instance (For SaaS, https://g.codefresh.io)"
+ },
+ "TTL": {
+ "type": "number",
+ "description": "TODO"
 }
 }
 }
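Review bot: The new `TTL` argument in the `@@ -84,6 +84,10 @@` hunk ships with `"description": "TODO"` and an unconstrained `"type": "number"`, so a user of the step cannot tell the unit, the default, or the allowed range of the token lifetime. Because this value decides how long an issued ID token stays valid, the schema should both document and bound it, for example `"type": "integer", "minimum": 1` with a description such as `"lifetime of the ID token in <unit>; the provider default applies when omitted"`. The unit and any upper limit are not visible in this patch and need to come from the OIDC provider's documentation.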
@@ -111,23 +115,47 @@ spec: shell: bash environment: - 'AUDIENCE=${{AUDIENCE}}' + - 'TTL=${{TTL}}' commands: - | URL="$CF_OIDC_REQUEST_URL" + echo "vasil url: ${URL}" + # This means that audience was provided by the user if [ -z "$(echo "$AUDIENCE" | grep '${{AUDIENCE')" ]; then ENCODED_AUDIENCE=$(echo -n "$AUDIENCE" | jq -s -R -r '@uri') URL="$URL?audience=$ENCODED_AUDIENCE" fi + # This means that audience was provided by the user + if [ -z "$(echo "$TTL" | grep '${{TTL')" ]; then + # ENCODED_AUDIENCE=$(echo -n "$AUDIENCE" | jq -s -R -r '@uri') + + # TODO: don't use ? if audience was already added + URL="$URL?ttl=$TTL" + fi + + echo "vasil url: ${URL}" + RESPONSE=$(curl -H "Authorization: $CF_OIDC_REQUEST_TOKEN" "$URL") + + echo "vasil response: ${RESPONSE}" + ID_TOKEN=$(echo "$RESPONSE" | jq -r ".id_token") + echo "vasil token: ${ID_TOKEN}" + if [ -z "$ID_TOKEN" ] || [ "$ID_TOKEN" = "null" ]; then + echo "vasil exit flow" + echo "Failed to obtain ID token; API response:" echo "$RESPONSE" exit 1 fi + echo "vasil before cf_export" + cf_export ID_TOKEN=$ID_TOKEN --mask + + echo "vasil after cf_export"
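Review bot: The added debug lines `echo "vasil response: ${RESPONSE}"` and `echo "vasil token: ${ID_TOKEN}"` write the ID token to the build log in clear text, and they run before `cf_export ID_TOKEN=$ID_TOKEN --mask`, so nothing visible in this hunk masks them; every `echo "vasil …"` line should be removed before this leaves draft. In the new TTL block, `URL="$URL?ttl=$TTL"` adds a second `?` whenever the audience block has already appended `?audience=…` (the in-code TODO notes this), and `$TTL` goes into the query string without any check, so a value containing `&` or similar characters could change the request parameters. The block's comment is also a copy of the audience one and should say TTL. The fence below shows the TTL block with a digits-only check and the separator chosen from the current URL; that the provider expects a whole number is an assumption to confirm.

```yaml
            # … unchanged: URL="$CF_OIDC_REQUEST_URL" and the audience block …

            # This means that TTL was provided by the user
            if [ -z "$(echo "$TTL" | grep '${{TTL')" ]; then
              # Reject anything that is not a plain non-negative integer
              case "$TTL" in
                ''|*[!0-9]*)
                  echo "TTL must be a non-negative integer"
                  exit 1
                  ;;
              esac
              # Use '&' when a query string is already present
              case "$URL" in
                *\?*) URL="$URL&ttl=$TTL" ;;
                *)    URL="$URL?ttl=$TTL" ;;
              esac
            fi

            # … unchanged: curl request, id_token extraction, failure branch, cf_export --mask …
```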