AWS have informed us that they have cleared their OIDC caches, we have confirmed via automated testing and the AWS console that the old correct thumbprint a031c46782e6e6c662c2c87c76da9aa62ccabd8e is now being returned consistently.
Posted Jun 27, 2022 - 12:20 UTC
We are still investigating why AWS is returning the new thumbprint of 1c58a3a8518e8759bf075b76b750d4f2df264fcd rather than a031c46782e6e6c662c2c87c76da9aa62ccabd8e for the Bitbucket identity provider. To work around the issue in the meantime you can add both thumbprints to your identity provider settings in the AWS console to ensure your tokens are validated against either the new or old certificate whilst we investigate the issue more with AWS.
Posted Jun 27, 2022 - 04:11 UTC
We are investigating a reoccurence of OIDC thumbprints being invalid with AWS causing steps using OIDC to not authenticate.