[Bug] AWS Bedrock authentication failure with OIDC credentials in v2.1.96
Bug Description
claude code review action was working with aws bedrock via oidc in v2.1.92 but stopped working in v2.1.96: Run audreyaieng/codereview@3c7592097a360067dfc3d84d5190d4b374db3a3f
with:
aws_role_to_assume: [REDACTED_AWS_VALUE]
client_id: *
private_key: ***
allowed_bots: *
aws_region: [REDACTED_AWS_VALUE]
auto_approve: true
blocking_categories: security,bug,breaking-change
model: eu.anthropic.claude-sonnet-4-6
max_turns: 20
process_feedback: false
Run actions/checkout@v4
Syncing repository: audreyaieng/audrey-app
Getting Git version info
Temporarily overriding HOME='/home/runner/work/_temp/2a833cb1-8f69-4d8c-be73-1c6f8599a1ed' before making global git config changes
Adding repository directory to the temporary git global config as a safe directory
/usr/bin/git config --global --add safe.directory /home/runner/work/audrey-app/audrey-app
Deleting the contents of '/home/runner/work/audrey-app/audrey-app'
Initializing the repository
"model": "<synthetic>",
"role": "assistant",
"stop_reason": "stop_sequence",
"stop_sequence": "",
"type": "message",
"usage": {
"input_tokens": 0,
"output_tokens": 0,
"cache_creation_input_tokens": 0,
"cache_read_input_tokens": 0,
"server_tool_use": {
"web_search_requests": 0,
"web_fetch_requests": 0
},
"service_tier": null,
"cache_creation": {
"ephemeral_1h_input_tokens": 0,
"ephemeral_5m_input_tokens": 0
},
"inference_geo": null,
"iterations": null,
"speed": null
},
"content": [
{
"type": "text",
"text": "Failed to authenticate. API Error: 403 Authorization header requires 'Credential' parameter. Authorization header requires 'Signature' parameter. Authorization header requires 'SignedHeaders' parameter. (Hashed with SHA-256 and encoded with Base64) Authorization=[REDACTED_TOKEN]"
}
],
"context_management": null
},
"parent_tool_use_id": null,
"session_id": "22689ed7-7bf4-4bb6-ade9-778aee73395a",
"uuid": "37ad1d9e-d6f9-46a0-924a-96136b0265d9",
"error": "authentication_failed"
}
{
"type": "result",
"subtype": "success",
"is_error": true,
"duration_ms": 181054,
"duration_api_ms": 0,
"num_turns": 1,
"result": "Failed to authenticate. API Error: 403 Authorization header requires 'Credential' parameter. Authorization header requires 'Signature' parameter. Authorization header requires 'SignedHeaders' parameter. (Hashed with SHA-256 and encoded with Base64) Authorization=[REDACTED_TOKEN]",
"stop_reason": "stop_sequence",
"session_id": "22689ed7-7bf4-4bb6-ade9-778aee73395a",
"total_cost_usd": 0,
"usage": {
"input_tokens": 0,
"cache_creation_input_tokens": 0,
"cache_read_input_tokens": 0,
"output_tokens": 0,
"server_tool_use": {
"web_search_requests": 0,
"web_fetch_requests": 0
},
"service_tier": "standard",
"cache_creation": {
"ephemeral_1h_input_tokens": 0,
"ephemeral_5m_input_tokens": 0
},
"inference_geo": "",
"iterations": [],
"speed": "standard"
},
"modelUsage": {},
"permission_denials": [],
"terminal_reason": "completed",
"fast_mode_state": "off",
"uuid": "bfe0ae80-81c1-4290-8a63-6855daf34ab8"
}
SDK execution error: 53 | new Anthropic({ apiKey, dangerouslyAllowBrowser: true });
54 | );this.baseURL=Y.baseURL,this.timeout=Y.timeout??kz.DEFAULT_TIMEOUT,this.logger=Y.logger??console;let z="warn";this.logLevel=z,this.logLevel=Hz(Y.logLevel,"ClientOptions.logLevel",this)??Hz(lX("ANTHROPIC_LOG"),"process.env['ANTHROPIC_LOG']",this)??z,this.fetchOptions=Y.fetchOptions,this.maxRetries=Y.maxRetries??2,this.fetch=Y.fetch??SH(),v(this,bJ,CH,"f"),this._options=Y,this.apiKey=[REDACTED] X==="string"?X:null,this.authToken=[REDACTED]}withOptions($){return new this.constructor({...this._options,baseURL:this.baseURL,maxRetries:this.maxRetries,timeout:this.timeout,logger:this.logger,logLevel:this.logLevel,fetch:this.fetch,fetchOptions:this.fetchOptions,apiKey:[REDACTED],authToken:[REDACTED],...$})}defaultQuery(){return this._options.defaultQuery}validateHeaders({values:$,nulls:X}){if($.get("x-api-key")||$.get("authorization"))return;if(this.apiKey&&$.get("x-api-key"))return;if(X.has("x-api-key"))return;if(this.authToken&&$.get("authorization"))return;if(X.has("authorization"))return;throw Error('Could not resolve ),X0=yF($,{recursive:!0}).then(()=>{}).catch(()=>{}),X0}function s$($){if(J0===null)return;let J=
55 | ${new Date().toISOString()} ${$};fF().then(()=>{if(J0)TF(J0,J).ca…
56 |
Note: Content was truncated.
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗