Terraform Github AWS/Azure OIDC Authentication

What is OIDC authentication and why do I want it?

GitHub supports OpenID Connect (OIDC), which allows GitHub to act as an identity provider.

By setting up a trust relationship in Azure/AWS towards GitHub, a GitHub Actions workflow can obtain temporary credentials within your cloud provider and run your deployments for you. This trust relationship gives you fine-grained control over which repositories and branches can assume the role or obtain the access token.

GitHub Actions workflow
  └─ requests OIDC token from GitHub
       └─ presents token to AWS STS / Azure AD
            └─ cloud validates token against GitHub's JWKS endpoint
                 └─ returns short-lived credential (IAM role / access token)
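The AWS side of such a trust relationship, written in Terraform as an added example (it is not code from the original post or its repository). It assumes the hashicorp/aws and hashicorp/tls providers are configured, and the organisation, repository and role names are placeholders.

```hcl
# Added example, not from the original post. Placeholders: example-org,
# example-repo, github-deploy-example. Assumes aws and tls providers are set up.

# Fetch GitHub's OIDC signing certificate chain to derive the thumbprint.
data "tls_certificate" "github" {
  url = "https://token.actions.githubusercontent.com/.well-known/openid-configuration"
}

# Register GitHub as an identity provider in the AWS account.
resource "aws_iam_openid_connect_provider" "github" {
  url             = "https://token.actions.githubusercontent.com"
  client_id_list  = ["sts.amazonaws.com"]
  thumbprint_list = [data.tls_certificate.github.certificates[0].sha1_fingerprint]
}

# Trust policy: only workflows from one repository on one branch may assume the role.
data "aws_iam_policy_document" "github_trust" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRoleWithWebIdentity"]

    principals {
      type        = "Federated"
      identifiers = [aws_iam_openid_connect_provider.github.arn]
    }

    # The audience must match the client id registered on the provider above.
    condition {
      test     = "StringEquals"
      variable = "token.actions.githubusercontent.com:aud"
      values   = ["sts.amazonaws.com"]
    }

    # The subject pins repository and branch. A wildcard such as
    # "repo:example-org/*" would let every repository in the org assume
    # the role, so keep this as narrow as the deployment needs.
    condition {
      test     = "StringEquals"
      variable = "token.actions.githubusercontent.com:sub"
      values   = ["repo:example-org/example-repo:ref:refs/heads/main"]
    }
  }
}

resource "aws_iam_role" "github_deploy" {
  name               = "github-deploy-example"
  assume_role_policy = data.aws_iam_policy_document.github_trust.json
}
```

The workflow that assumes this role still needs `permissions: id-token: write` in its job so GitHub will mint the OIDC token.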

Prerequisites

  • Terraform Cloud configured (terraform login)
    • It is expected that the user has org-level permissions to create a new project and workspaces within that project.
  • AWS CLI configured (aws login)
  • Azure CLI configured (az login)

Remote state (Terraform Enterprise / Terraform Cloud)

The workspace is auto-created on first terraform init if it does not already exist.

Langchain A2A with Entra Authentication

My experiment implementing Agent-to-Agent (A2A) communication via LangChain with Entra authentication.

Structure

a2a/
├── infra/
│   ├── main.tf               # App registration, roles, assignments
│   ├── variables.tf          # UPNs, redirect URIs
│   └── outputs.tf            # Client ID, secret, tenant ID
├── src/
│   ├── agents/
│   │   ├── wiki/             # Wikipedia agent + card
│   │   ├── duck/             # DuckDuckGo agent + card
│   │   └── text_agent/       # Data agent with row-level access
│   ├── client/
│   │   ├── common.py         # Shared A2A tool factory
│   │   ├── orchestrator_agent/  # CLI orchestrator
│   │   └── streamlit_app/    # Streamlit UI + auth
│   ├── a2a_server/
│   │   ├── base.py           # Starlette server + routing
│   │   ├── auth.py           # JWT validation + middleware
│   │   ├── text_executor.py  # LangChain ↔ A2A bridge
│   │   └── types.py          # Streaming event types
│   └── util/
│       ├── settings.py       # Pydantic settings from .env
│       └── config.py         # LLM configuration
└── pyproject.toml            # uv project with entry points

About

I wanted to know a few things