Add id-token: write to workflow permissions to fix OIDC error


**Summary:**  
The AWS Backup Feature Discovery workflow is failing at the "Run Claude Code Feature Discovery" step due to a missing OIDC token. The error message is:

```
Error message: Unable to get ACTIONS_ID_TOKEN_REQUEST_URL env variable
Did you remember to add id-token: write to your workflow permissions?
```

**Details:**  
The action anthropics/claude-code-action@beta requires OIDC authentication, but the workflow permissions in [.github/workflows/feature-discovery.yml (ref: bc17645ccb26b76253b5ff3121b33470c6b52f28)](https://github.com/lgallard/terraform-aws-backup/blob/bc17645ccb26b76253b5ff3121b33470c6b52f28/.github/workflows/feature-discovery.yml) do not include `id-token: write`.

**Solution:**  
Update the permissions section of the workflow to add:

```yaml
id-token: write
```

Example:
```yaml
permissions:
  contents: read
  issues: write
  actions: read
  id-token: write  # <-- Add this line
```

This will allow the job to fetch the OIDC token and proceed successfully.

**Reference:**  
- [Failing job log](https://github.com/lgallard/terraform-aws-backup/actions/runs/17350165025/job/49255219149#step:5:501)
- Workflow file: [.github/workflows/feature-discovery.yml (ref: bc17645ccb26b76253b5ff3121b33470c6b52f28)](https://github.com/lgallard/terraform-aws-backup/blob/bc17645ccb26b76253b5ff3121b33470c6b52f28/.github/workflows/feature-discovery.yml)

**Impact:**  
Without this fix, the automated feature discovery process cannot run successfully.


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Add id-token: write to workflow permissions to fix OIDC error #224

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Add id-token: write to workflow permissions to fix OIDC error #224

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions