Add support for GitHub OIDC auth for mod uploads
Posted: Fri May 08, 2026 7:47 am
Currently, you have to use an API Key to upload a new version of a mod.
It would be nice (and more secure) to use GitHub OIDC based auth for mod uploads.
You could implement this as an additional flag in the mod page. After configuring the source repo in the mod page and enabling the flag in the mod/user settings, you can use its source repo to directly publish new versions of that mod.
Pros:
- No API key to be leaked
Cons:
- Currently does not handle initial mod upload (though, if you add a GH username to the profile page, then you could use that to associate a new mod with a factorio account)
It would be nice (and more secure) to use GitHub OIDC based auth for mod uploads.
You could implement this as an additional flag in the mod page. After configuring the source repo in the mod page and enabling the flag in the mod/user settings, you can use its source repo to directly publish new versions of that mod.
Pros:
- No API key to be leaked
Cons:
- Currently does not handle initial mod upload (though, if you add a GH username to the profile page, then you could use that to associate a new mod with a factorio account)
Code: Select all
OIDC_TOKEN="$(
curl -sS \
-H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" \
"${ACTIONS_ID_TOKEN_REQUEST_URL}&audience=https://mods.factorio.com/mod/<my-Mod>" \
| jq -r '.value'
)"
curl -X POST "mod upload url" \
-H "Authorization: Bearer $OIDC_TOKEN" \
-F "file=@./mod.zip"