act OIDC "id-token" not available running Actions locally
GitHub OIDC issues short-lived id-tokens from a GitHub-hosted endpoint. act runs outside GitHub and has no such issuer, so permissions: id-token: write and cloud logins that rely on OIDC cannot get a token locally.
What this error means
A step (often a cloud login) fails with "Unable to get ACTIONS_ID_TOKEN_REQUEST_URL" or "OIDC token could not be requested" under act.
Error: Unable to get ACTIONS_ID_TOKEN_REQUEST_URL env variable
Error: Could not fetch an OIDC token from the GitHub providerCommon causes
No GitHub OIDC issuer locally
The OIDC request URL and token are provided by GitHub-hosted infrastructure that act does not replicate.
A step depends on federated cloud login
Actions that exchange an OIDC token for cloud credentials have nothing to exchange when run under act.
How to fix it
Use static credentials for local runs
Provide a scoped access key as a local secret instead of OIDC when testing with act.
act -s AWS_ACCESS_KEY_ID=... -s AWS_SECRET_ACCESS_KEY=... -j deploySkip OIDC-only steps locally
Guard cloud-login steps so they run on GitHub but are skipped under act.
- name: Cloud login (OIDC)
if: ${{ !env.ACT }}
uses: aws-actions/configure-aws-credentials@v4How to prevent it
- Do not rely on OIDC for steps you intend to test with act.
- Gate OIDC-only steps with
if: !env.ACT. - Use static, least-privilege credentials for local runs only.