[Bug] AWS Bedrock authentication failure with OIDC credentials in v2.1.96

Resolved 💬 3 comments Opened Apr 8, 2026 by bettlebrox Closed Apr 8, 2026

Bug Description
claude code review action was working with aws bedrock via oidc in v2.1.92 but stopped working in v2.1.96: Run audreyaieng/codereview@3c7592097a360067dfc3d84d5190d4b374db3a3f
with:
aws_role_to_assume: [REDACTED_AWS_VALUE]
client_id: *
private_key: ***
allowed_bots: *
aws_region: [REDACTED_AWS_VALUE]
auto_approve: true
blocking_categories: security,bug,breaking-change
model: eu.anthropic.claude-sonnet-4-6
max_turns: 20
process_feedback: false
Run actions/checkout@v4
Syncing repository: audreyaieng/audrey-app
Getting Git version info
Temporarily overriding HOME='/home/runner/work/_temp/2a833cb1-8f69-4d8c-be73-1c6f8599a1ed' before making global git config changes
Adding repository directory to the temporary git global config as a safe directory
/usr/bin/git config --global --add safe.directory /home/runner/work/audrey-app/audrey-app
Deleting the contents of '/home/runner/work/audrey-app/audrey-app'
Initializing the repository
"model": "<synthetic>",
"role": "assistant",
"stop_reason": "stop_sequence",
"stop_sequence": "",
"type": "message",
"usage": {
"input_tokens": 0,
"output_tokens": 0,
"cache_creation_input_tokens": 0,
"cache_read_input_tokens": 0,
"server_tool_use": {
"web_search_requests": 0,
"web_fetch_requests": 0
},
"service_tier": null,
"cache_creation": {
"ephemeral_1h_input_tokens": 0,
"ephemeral_5m_input_tokens": 0
},
"inference_geo": null,
"iterations": null,
"speed": null
},
"content": [
{
"type": "text",
"text": "Failed to authenticate. API Error: 403 Authorization header requires 'Credential' parameter. Authorization header requires 'Signature' parameter. Authorization header requires 'SignedHeaders' parameter. (Hashed with SHA-256 and encoded with Base64) Authorization=[REDACTED_TOKEN]"
}
],
"context_management": null
},
"parent_tool_use_id": null,
"session_id": "22689ed7-7bf4-4bb6-ade9-778aee73395a",
"uuid": "37ad1d9e-d6f9-46a0-924a-96136b0265d9",
"error": "authentication_failed"
}
{
"type": "result",
"subtype": "success",
"is_error": true,
"duration_ms": 181054,
"duration_api_ms": 0,
"num_turns": 1,
"result": "Failed to authenticate. API Error: 403 Authorization header requires 'Credential' parameter. Authorization header requires 'Signature' parameter. Authorization header requires 'SignedHeaders' parameter. (Hashed with SHA-256 and encoded with Base64) Authorization=[REDACTED_TOKEN]",
"stop_reason": "stop_sequence",
"session_id": "22689ed7-7bf4-4bb6-ade9-778aee73395a",
"total_cost_usd": 0,
"usage": {
"input_tokens": 0,
"cache_creation_input_tokens": 0,
"cache_read_input_tokens": 0,
"output_tokens": 0,
"server_tool_use": {
"web_search_requests": 0,
"web_fetch_requests": 0
},
"service_tier": "standard",
"cache_creation": {
"ephemeral_1h_input_tokens": 0,
"ephemeral_5m_input_tokens": 0
},
"inference_geo": "",
"iterations": [],
"speed": "standard"
},
"modelUsage": {},
"permission_denials": [],
"terminal_reason": "completed",
"fast_mode_state": "off",
"uuid": "bfe0ae80-81c1-4290-8a63-6855daf34ab8"
}
SDK execution error: 53 | new Anthropic({ apiKey, dangerouslyAllowBrowser: true });
54 | );this.baseURL=Y.baseURL,this.timeout=Y.timeout??kz.DEFAULT_TIMEOUT,this.logger=Y.logger??console;let z="warn";this.logLevel=z,this.logLevel=Hz(Y.logLevel,"ClientOptions.logLevel",this)??Hz(lX("ANTHROPIC_LOG"),"process.env['ANTHROPIC_LOG']",this)??z,this.fetchOptions=Y.fetchOptions,this.maxRetries=Y.maxRetries??2,this.fetch=Y.fetch??SH(),v(this,bJ,CH,"f"),this._options=Y,this.apiKey=[REDACTED] X==="string"?X:null,this.authToken=[REDACTED]}withOptions($){return new this.constructor({...this._options,baseURL:this.baseURL,maxRetries:this.maxRetries,timeout:this.timeout,logger:this.logger,logLevel:this.logLevel,fetch:this.fetch,fetchOptions:this.fetchOptions,apiKey:[REDACTED],authToken:[REDACTED],...$})}defaultQuery(){return this._options.defaultQuery}validateHeaders({values:$,nulls:X}){if($.get("x-api-key")||$.get("authorization"))return;if(this.apiKey&&$.get("x-api-key"))return;if(X.has("x-api-key"))return;if(this.authToken&&$.get("authorization"))return;if(X.has("authorization"))return;throw Error('Could not resolve
55 |
),X0=yF($,{recursive:!0}).then(()=>{}).catch(()=>{}),X0}function s$($){if(J0===null)return;let J=${new Date().toISOString()} ${$}
56 |
;fF().then(()=>{if(J0)TF(J0,J).ca…
Note: Content was truncated.

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗