Troubleshoot "OIDC Identity Token Missing on Step" error in Bitbucket Cloud Pipelines
Platform Notice: Cloud Only - This article only applies to Atlassian products on the cloud platform.
Summary
When pulling Docker images from a private registry in Bitbucket Pipelines, you may encounter an error message indicating "OIDC Identity Token Missing on Step." This error relates to the authentication process of pulling a Docker image on a pipeline step using Bitbucket OIDC tokens.
image:
  name: <aws_account_id>.dkr.ecr.<region>.amazonaws.com/bash:latest
  aws:
    oidc-role: arn:aws:iam::<aws_account_id>:role/<your_role_name>

pipelines:
  default:
    - step:
        script:
          - echo "Hello, World!"
Solution
This error can be resolved by ensuring that the oidc: true configuration is set on the pipeline step that needs OIDC tokens to authenticate and pull the image.
Example:
image:
  name: <aws_account_id>.dkr.ecr.<region>.amazonaws.com/bash:latest
  aws:
    oidc-role: arn:aws:iam::<aws_account_id>:role/<your_role_name>

pipelines:
  default:
    - step:
        oidc: true
        script:
          - echo "Hello, World!"
Even if the Docker image definition is global and the necessary OIDC role has been defined, the pipeline step still needs to generate the required OIDC tokens in order to authenticate and pull Docker images. Adding the oidc: true configuration to the appropriate pipeline step resolves the "OIDC Identity Token Missing on Step" error in Bitbucket Pipelines.
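The rule above can be checked before a commit reaches the pipeline. The following is an added example, not Atlassian's code: it takes the pipeline file as already parsed into Python dicts (for instance by a YAML library) and lists every step whose image uses aws.oidc-role without setting oidc: true. It assumes a step-level image replaces the global one; the function names and the second branch pipeline in the sample are hypothetical.

```python
# Added example: find steps that pull an OIDC-authenticated image without `oidc: true`.

def uses_oidc_role(image):
    """True when an image definition authenticates with aws.oidc-role."""
    return isinstance(image, dict) and bool((image.get("aws") or {}).get("oidc-role"))


def iter_steps(node, path="pipelines"):
    """Yield (path, step) for every `step` mapping nested under `node`."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "step" and isinstance(value, dict):
                yield path, value
            else:
                yield from iter_steps(value, f"{path}.{key}")
    elif isinstance(node, list):
        for index, item in enumerate(node):
            yield from iter_steps(item, f"{path}[{index}]")


def steps_missing_oidc(config):
    """Return paths of steps whose effective image needs a token they do not request."""
    global_image = config.get("image")
    missing = []
    for path, step in iter_steps(config.get("pipelines", {})):
        # Assumption: a step-level `image` replaces the global one for that step.
        image = step.get("image", global_image)
        if uses_oidc_role(image) and step.get("oidc") is not True:
            missing.append(path)
    return missing


# Constructed sample: the page's failing configuration as a YAML parser would
# load it, plus a hypothetical branch pipeline where the flag is already set.
IMAGE = {
    "name": "<aws_account_id>.dkr.ecr.<region>.amazonaws.com/bash:latest",
    "aws": {"oidc-role": "arn:aws:iam::<aws_account_id>:role/<your_role_name>"},
}
SAMPLE = {
    "image": IMAGE,
    "pipelines": {
        "default": [{"step": {"script": ['echo "Hello, World!"']}}],
        "branches": {"main": [{"step": {"oidc": True, "script": ["echo ok"]}}]},
    },
}

if __name__ == "__main__":
    for where in steps_missing_oidc(SAMPLE):
        print(f"{where}: image uses aws.oidc-role but the step lacks 'oidc: true'")
```
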
If the above instructions do not resolve the issue, please raise a support ticket or a community support ticket for further assistance.