Trusted Sources for Deployment Protection
Source: Vercel News
Trusted Sources lets protected deployments accept short-lived identity tokens (OIDC) from Vercel projects and external services you authorize, so you no longer have to share a long-lived Protection Bypass for Automation secret. Trusted Sources is the recommended approach, but Protection Bypass for Automation continues to work.
Callers attach an OIDC token in the x-vercel-trusted-oidc-idp-token header. Vercel then verifies the signature, checks the claims you configured, and confirms the environment matches the rule.
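The three checks described above (signature, configured claims, environment match), modeled as an added example; it is not Vercel's code or rule format. The rule shape, the project and environment claim names, the issuer URL and the key pair are assumptions constructed for illustration.

```javascript
const crypto = require('node:crypto');

const b64u = (v) => Buffer.from(v).toString('base64url');

// Sign a constructed RS256 JWT so the example runs offline.
function signToken(claims, privateKey) {
  const input = `${b64u(JSON.stringify({ alg: 'RS256', typ: 'JWT' }))}.${b64u(JSON.stringify(claims))}`;
  return `${input}.${crypto.sign('sha256', Buffer.from(input), privateKey).toString('base64url')}`;
}

// rule is a hypothetical shape: { issuer, claims: {name: value}, from, to }.
function checkTrustedSource(token, publicKey, rule, targetEnv, now = Date.now() / 1000) {
  const [h, p, s, extra] = token.split('.');
  if (!h || !p || !s || extra !== undefined) return 'malformed';
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(h, 'base64url'));
    claims = JSON.parse(Buffer.from(p, 'base64url'));
  } catch {
    return 'malformed';
  }
  // 1. Signature: pin the algorithm instead of trusting the token header.
  if (header?.alg !== 'RS256') return 'bad-alg';
  const signed = Buffer.from(`${h}.${p}`);
  if (!crypto.verify('sha256', signed, publicKey, Buffer.from(s, 'base64url'))) return 'bad-signature';
  // Short-lived tokens: an expired one is rejected even with a valid signature.
  if (typeof claims?.exp !== 'number' || claims.exp <= now) return 'expired';
  // 2. Claims: the issuer and every claim the rule pins must match exactly.
  if (claims.iss !== rule.issuer) return 'claim-mismatch';
  for (const [name, value] of Object.entries(rule.claims)) {
    if (claims[name] !== value) return 'claim-mismatch';
  }
  // 3. Environment pair: caller's environment (from) and target deployment's (to).
  if (claims.environment !== rule.from || targetEnv !== rule.to) return 'environment-mismatch';
  return 'allow';
}

// Constructed sample data: throwaway key pair, placeholder issuer and project.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const rule = { issuer: 'https://idp.example.test', claims: { project: 'caller-app' }, from: 'production', to: 'production' };
const claims = { iss: rule.issuer, project: 'caller-app', environment: 'production', exp: Math.floor(Date.now() / 1000) + 300 };
const token = signToken(claims, privateKey);
console.log(checkTrustedSource(token, publicKey, rule, 'production'));
console.log(checkTrustedSource(token, publicKey, rule, 'preview'));
```

The order matters: nothing in the payload is trusted until the signature has verified under a pinned algorithm.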
Authorize Vercel projects
By default, the Vercel OIDC token for a project can call its own deployments. To authorize another project in the same team, add it to Trusted Sources.
Self-access and cross-project rules are both customizable with from/to environment pairs. To authenticate a request from a project, forward its Vercel OIDC token in the x-vercel-trusted-oidc-idp-token header.
Authorize external services
Any custom OIDC provider, such as GitHub Actions or a Vercel project in another team, can be authorized as a trusted external service.
Read the documentation to learn more.