Revert "If custom server url exists, use that instead of the default one."

pkg/identity/github/principal.go

@@ -18,7 +18,6 @@ import (
 	"context"
 	"crypto/x509"
 	"errors"
-	"fmt"
 	"net/url"
 
 	"github.com/coreos/go-oidc/v3/oidc"
@@ -106,7 +105,6 @@ func WorkflowPrincipalFromIDToken(_ context.Context, token *oidc.IDToken) (ident
 		WorkflowSha          string `json:"workflow_sha"`
 		RunID                string `json:"run_id"`
 		RunAttempt           string `json:"run_attempt"`
-		Enterprise           string `json:"enterprise"`
 	}
 	if err := token.Claims(&claims); err != nil {
 		return nil, err
@@ -161,16 +159,10 @@ func WorkflowPrincipalFromIDToken(_ context.Context, token *oidc.IDToken) (ident
 		return nil, errors.New("missing run_attempt claim in ID token")
 	}
 
-	baseURL := `https://github.com/`
-
-	if claims.Enterprise != "" {
-		baseURL = fmt.Sprintf("https://%s.ghe.com/", claims.Enterprise)
-	}
-
 	return &workflowPrincipal{
 		subject:              token.Subject,
 		issuer:               token.Issuer,
-		url:                  baseURL,
+		url:                  `https://github.com/`,
 		sha:                  claims.Sha,
 		eventName:            claims.EventName,
 		repository:           claims.Repository,

pkg/identity/github/principal_test.go

@@ -84,53 +84,6 @@ func TestWorkflowPrincipalFromIDToken(t *testing.T) {
 			},
 			WantErr: false,
 		},
-		`Valid token, custom base url authenticates with correct claims`: {
-			Claims: map[string]interface{}{
-				"aud":                   "sigstore",
-				"event_name":            "push",
-				"exp":                   0,
-				"iss":                   "https://token.actions.githubusercontent.com",
-				"job_workflow_ref":      "sigstore/fulcio/.github/workflows/foo.yaml@refs/heads/main",
-				"job_workflow_sha":      "example-sha",
-				"ref":                   "refs/heads/main",
-				"repository":            "sigstore/fulcio",
-				"repository_id":         "12345",
-				"repository_owner":      "username",
-				"repository_owner_id":   "345",
-				"repository_visibility": "public",
-				"run_attempt":           "1",
-				"run_id":                "42",
-				"runner_environment":    "cloud-hosted",
-				"sha":                   "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
-				"sub":                   "repo:sigstore/fulcio:ref:refs/heads/main",
-				"workflow":              "foo",
-				"workflow_ref":          "sigstore/other/.github/workflows/foo.yaml@refs/heads/main",
-				"workflow_sha":          "example-sha-other",
-				"enterprise":            "test",
-			},
-			ExpectPrincipal: workflowPrincipal{
-				issuer:               "https://token.actions.githubusercontent.com",
-				subject:              "repo:sigstore/fulcio:ref:refs/heads/main",
-				url:                  "https://test.ghe.com/",
-				jobWorkflowRef:       "sigstore/fulcio/.github/workflows/foo.yaml@refs/heads/main",
-				sha:                  "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
-				eventName:            "push",
-				repository:           "sigstore/fulcio",
-				workflow:             "foo",
-				ref:                  "refs/heads/main",
-				jobWorkflowSha:       "example-sha",
-				runnerEnvironment:    "cloud-hosted",
-				repositoryID:         "12345",
-				repositoryOwner:      "username",
-				repositoryOwnerID:    "345",
-				repositoryVisibility: "public",
-				workflowRef:          "sigstore/other/.github/workflows/foo.yaml@refs/heads/main",
-				workflowSha:          "example-sha-other",
-				runID:                "42",
-				runAttempt:           "1",
-			},
-			WantErr: false,
-		},
 		`Token missing job_workflow_ref claim should be rejected`: {
 			Claims: map[string]interface{}{
 				"aud":                   "sigstore",