v1: App token exchange failed #522

Description

@pmatos

Describe the bug

Claude review with v1 results in

Run oven-sh/setup-bun@735343b667d3e6f658f44d0eca948eb6282f2b76
  with:
    bun-version: 1.2.11
    no-cache: false
Cache hit for: wMLiZ8FsTgrkPpZKjrOwUG0XVBQ=
Received 0 of 34725459 (0.0%), 0.0 MBs/sec
Received 34725459 of 34725459 (100.0%), 23.7 MBs/sec
Cache Size: ~33 MB (34725459 B)
/usr/bin/tar -xf /home/runner/work/_temp/4c1e850b-5fdc-4fff-89b2-c757dd7b02fb/cache.tzst -P -C /home/runner/work/rightkey/rightkey --use-compress-program unzstd
Cache restored successfully
/home/runner/.bun/bin/bun --revision
1.2.11+cb6abd211
Using a cached version of Bun: 1.2.11+cb6abd211
Run cd ${GITHUB_ACTION_PATH}
bun install v1.2.11 (cb6abd21)

+ @types/bun@1.2.11
+ @types/node@20.19.9
+ @types/node-fetch@2.6.12
+ @types/shell-quote@1.7.5
+ prettier@3.5.3
+ typescript@5.8.3
+ @actions/core@1.11.1
+ @actions/github@6.0.1
+ @modelcontextprotocol/sdk@1.16.0
+ @octokit/graphql@8.2.2
+ @octokit/rest@21.1.1
+ @octokit/webhooks-types@7.6.1
+ node-fetch@3.3.2
+ shell-quote@1.8.3
+ zod@3.25.76

149 packages installed [385.00ms]
Run bun run ${GITHUB_ACTION_PATH}/src/entrypoints/prepare.ts
Auto-detected mode: agent for event: pull_request
Requesting OIDC token...
Attempt 1 of 3...
OIDC token successfully obtained
Exchanging OIDC token for app token...
Attempt 1 of 3...
App token exchange failed: 401 Unauthorized - Workflow validation failed. The workflow file must exist and have identical content to the version on the repository's default branch. If you're seeing this on a PR when you first add a code review workflow file to your repository, this is normal and you should ignore this error.
Attempt 1 failed: Workflow validation failed. The workflow file must exist and have identical content to the version on the repository's default branch. If you're seeing this on a PR when you first add a code review workflow file to your repository, this is normal and you should ignore this error.
Retrying in 5 seconds...
Attempt 2 of 3...
App token exchange failed: 401 Unauthorized - Workflow validation failed. The workflow file must exist and have identical content to the version on the repository's default branch. If you're seeing this on a PR when you first add a code review workflow file to your repository, this is normal and you should ignore this error.
Attempt 2 failed: Workflow validation failed. The workflow file must exist and have identical content to the version on the repository's default branch. If you're seeing this on a PR when you first add a code review workflow file to your repository, this is normal and you should ignore this error.
Retrying in 10 seconds...
Attempt 3 of 3...
App token exchange failed: 401 Unauthorized - Workflow validation failed. The workflow file must exist and have identical content to the version on the repository's default branch. If you're seeing this on a PR when you first add a code review workflow file to your repository, this is normal and you should ignore this error.
Attempt 3 failed: Workflow validation failed. The workflow file must exist and have identical content to the version on the repository's default branch. If you're seeing this on a PR when you first add a code review workflow file to your repository, this is normal and you should ignore this error.
Operation failed after 3 attempts
Error: Failed to setup GitHub token: Error: Workflow validation failed. The workflow file must exist and have identical content to the version on the repository's default branch. If you're seeing this on a PR when you first add a code review workflow file to your repository, this is normal and you should ignore this error.

If you instead wish to use this action with a custom GitHub token or custom GitHub app, provide a `github_token` in the `uses` section of the app in your workflow yml file.
Error: Process completed with exit code 1.

To Reproduce

Updated to claude action v1.

Expected behavior
It works and reviews my code.

Workflow yml file

name: Claude Code Review

on:
  pull_request:
    types: [opened, synchronize]

jobs:
  claude-review:
    
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: read
      issues: read
      id-token: write
    
    steps:
      - name: Checkout repository
        uses: actions/checkout@v5
        with:
          fetch-depth: 1

      - name: Run Claude Code Review
        id: claude-review
        uses: anthropics/claude-code-action@v1
        with:
          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}

          # Direct prompt for automated review (no @claude mention needed)
          prompt: |
            Please review this pull request and provide feedback on:
            - Code quality and best practices
            - Potential bugs or issues
            - Performance considerations
            - Security concerns
            - Test coverage
            
            Be constructive and helpful in your feedback.
          use_sticky_comment: true
          
          claude_args: |
            --model claude-opus-4-1
            --allowedTools "Bash(*), mcp__playwright__*"
            --mcp-config '{
              "mcpServers": {
                "playwright": {
                  "command": "npx",
                  "args": ["-y", "@modelcontextprotocol/server-playwright"]
                }
              }
            }'
          

API Provider

[X] Anthropic First-Party API (default)
[ ] AWS Bedrock
[ ] GCP Vertex
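
The log above states the rule behind the 401: the workflow file must exist on the default branch with identical content. The following pre-flight check is an added example, not part of the original issue or the action's own code; the branch name `main`, the workflow path and the demo repository contents are constructed assumptions.

```shell
#!/usr/bin/env bash
# Added example: compare a workflow file on the current branch with the copy
# on the default branch, mirroring the rule quoted in the failed token exchange.

WF=.github/workflows/claude-review.yml   # hypothetical workflow path

# check_workflow <default-ref> <workflow-path>
# returns 0 = identical content, 1 = content differs, 2 = missing on default ref
check_workflow() {
  local ref=$1 path=$2 base head
  # "<rev>:<path>" resolves to the blob id; equal blob ids mean equal bytes.
  base=$(git rev-parse --verify --quiet "${ref}:${path}") || return 2
  head=$(git rev-parse --verify --quiet "HEAD:${path}") || return 1
  [ "$base" = "$head" ]
}

# Build a throwaway repository (constructed sample data) with:
#   main          - the workflow as merged
#   pr-upgrade    - a PR that edits the workflow file itself
#   pr-code-only  - a PR that leaves the workflow untouched
make_demo_repo() {
  local dir
  dir=$(mktemp -d) && cd "$dir" || return 1
  git init -q . && git symbolic-ref HEAD refs/heads/main
  git config user.email demo@example.invalid
  git config user.name demo
  git config commit.gpgsign false
  mkdir -p .github/workflows
  printf 'name: review\n# constructed content, revision A\n' > "$WF"
  git add . && git commit -q -m "workflow on default branch"
  git checkout -q -b pr-upgrade
  printf 'name: review\n# constructed content, revision B\n' > "$WF"
  git commit -q -am "PR edits the workflow"
  git checkout -q -b pr-code-only main
  echo 'code change' > app.txt
  git add . && git commit -q -m "PR leaves the workflow alone"
}

# Demo: a PR that edits the workflow fails the check, a code-only PR passes.
make_demo_repo
git checkout -q pr-upgrade
check_workflow main "$WF"; echo "pr-upgrade:   exit $?"
git checkout -q pr-code-only
check_workflow main "$WF"; echo "pr-code-only: exit $?"
```

With `fetch-depth: 1` as in the workflow above, the default branch ref is not present in the runner's clone, so it has to be fetched before the function can compare against it.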
