
v1: App token exchange failed #522

@pmatos

Describe the bug

Claude review with v1 results in

Run oven-sh/setup-bun@735343b667d3e6f658f44d0eca948eb6282f2b76
  with:
    bun-version: 1.2.11
    no-cache: false
Cache hit for: wMLiZ8FsTgrkPpZKjrOwUG0XVBQ=
Received 0 of 34725459 (0.0%), 0.0 MBs/sec
Received 34725459 of 34725459 (100.0%), 23.7 MBs/sec
Cache Size: ~33 MB (34725459 B)
/usr/bin/tar -xf /home/runner/work/_temp/4c1e850b-5fdc-4fff-89b2-c757dd7b02fb/cache.tzst -P -C /home/runner/work/rightkey/rightkey --use-compress-program unzstd
Cache restored successfully
/home/runner/.bun/bin/bun --revision
1.2.11+cb6abd211
Using a cached version of Bun: 1.2.11+cb6abd211
Run cd ${GITHUB_ACTION_PATH}
bun install v1.2.11 (cb6abd21)

+ @types/bun@1.2.11
+ @types/node@20.19.9
+ @types/node-fetch@2.6.12
+ @types/shell-quote@1.7.5
+ prettier@3.5.3
+ typescript@5.8.3
+ @actions/core@1.11.1
+ @actions/github@6.0.1
+ @modelcontextprotocol/sdk@1.16.0
+ @octokit/graphql@8.2.2
+ @octokit/rest@21.1.1
+ @octokit/webhooks-types@7.6.1
+ node-fetch@3.3.2
+ shell-quote@1.8.3
+ zod@3.25.76

149 packages installed [385.00ms]
Run bun run ${GITHUB_ACTION_PATH}/src/entrypoints/prepare.ts
Auto-detected mode: agent for event: pull_request
Requesting OIDC token...
Attempt 1 of 3...
OIDC token successfully obtained
Exchanging OIDC token for app token...
Attempt 1 of 3...
App token exchange failed: 401 Unauthorized - Workflow validation failed. The workflow file must exist and have identical content to the version on the repository's default branch. If you're seeing this on a PR when you first add a code review workflow file to your repository, this is normal and you should ignore this error.
Attempt 1 failed: Workflow validation failed. The workflow file must exist and have identical content to the version on the repository's default branch. If you're seeing this on a PR when you first add a code review workflow file to your repository, this is normal and you should ignore this error.
Retrying in 5 seconds...
Attempt 2 of 3...
App token exchange failed: 401 Unauthorized - Workflow validation failed. The workflow file must exist and have identical content to the version on the repository's default branch. If you're seeing this on a PR when you first add a code review workflow file to your repository, this is normal and you should ignore this error.
Attempt 2 failed: Workflow validation failed. The workflow file must exist and have identical content to the version on the repository's default branch. If you're seeing this on a PR when you first add a code review workflow file to your repository, this is normal and you should ignore this error.
Retrying in 10 seconds...
Attempt 3 of 3...
App token exchange failed: 401 Unauthorized - Workflow validation failed. The workflow file must exist and have identical content to the version on the repository's default branch. If you're seeing this on a PR when you first add a code review workflow file to your repository, this is normal and you should ignore this error.
Attempt 3 failed: Workflow validation failed. The workflow file must exist and have identical content to the version on the repository's default branch. If you're seeing this on a PR when you first add a code review workflow file to your repository, this is normal and you should ignore this error.
Operation failed after 3 attempts
Error: Failed to setup GitHub token: Error: Workflow validation failed. The workflow file must exist and have identical content to the version on the repository's default branch. If you're seeing this on a PR when you first add a code review workflow file to your repository, this is normal and you should ignore this error.

If you instead wish to use this action with a custom GitHub token or custom GitHub app, provide a `github_token` in the `uses` section of the app in your workflow yml file.
Error: Process completed with exit code 1.

To Reproduce

Updated to claude action v1.

Expected behavior
It works and reviews my code.

Workflow yml file

name: Claude Code Review

on:
  pull_request:
    types: [opened, synchronize]

jobs:
  claude-review:
    
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: read
      issues: read
      id-token: write
    
    steps:
      - name: Checkout repository
        uses: actions/checkout@v5
        with:
          fetch-depth: 1

      - name: Run Claude Code Review
        id: claude-review
        uses: anthropics/claude-code-action@v1
        with:
          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}

          # Direct prompt for automated review (no @claude mention needed)
          prompt: |
            Please review this pull request and provide feedback on:
            - Code quality and best practices
            - Potential bugs or issues
            - Performance considerations
            - Security concerns
            - Test coverage
            
            Be constructive and helpful in your feedback.
          use_sticky_comment: true
          
          claude_args: |
            --model claude-opus-4-1
            --allowedTools "Bash(*), mcp__playwright__*"
            --mcp-config '{
              "mcpServers": {
                "playwright": {
                  "command": "npx",
                  "args": ["-y", "@modelcontextprotocol/server-playwright"]
                }
              }
            }'
          

API Provider

[X] Anthropic First-Party API (default)
[ ] AWS Bedrock
[ ] GCP Vertex
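
A local pre-flight check for the condition named in the error above, as an added example (not part of the original issue and not the action's own code). The function name `workflow_matches_default` is hypothetical, and the check assumes "identical content" means the workflow file resolves to the same git blob on the default branch and on the ref being built; the token service's actual validation is not shown on this page.

```shell
# Added example. Assumption: "identical content" == same git blob id on both refs.
#
# workflow_matches_default <default-ref> <workflow-path> [<head-ref>]
#   prints: identical | differs | missing-on-default | missing-on-head
#   returns 0 only when the file is identical on both refs.
workflow_matches_default() {
  local base_ref="$1"
  local path="$2"
  local head_ref="${3:-HEAD}"
  local base_blob head_blob

  # "<ref>:<path>" resolves to the blob id of the file as committed at <ref>.
  # A workflow file that only exists in the PR has no blob on the default branch.
  if ! base_blob=$(git rev-parse --verify --quiet "${base_ref}:${path}" 2>/dev/null); then
    echo "missing-on-default"
    return 2
  fi
  if ! head_blob=$(git rev-parse --verify --quiet "${head_ref}:${path}" 2>/dev/null); then
    echo "missing-on-head"
    return 3
  fi

  # Equal blob ids mean byte-for-byte equal file content.
  if [ "$base_blob" = "$head_blob" ]; then
    echo "identical"
    return 0
  fi
  echo "differs"
  return 1
}

# Usage (ref and path are placeholders for your repository):
#   workflow_matches_default origin/main .github/workflows/<workflow-file>.yml
```

With `fetch-depth: 1`, as in the workflow above, the default branch ref is not present in the runner's clone, so fetch it before calling the function in CI.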

Labels: bug (Something isn't working)