OidcClient.getCall failing in self-hosted Runners.

[Powertrain]

Coming from this post: Azure/login#477

Environments

• GHES 3.11.5 in an Azure VM along with,
• a self-hosted runner in an Azure VM with the software provided by the GHES instance.

Issue:

• When Azure/login is used on a self-hosted runner, the job is unable to access the id-token variable's permissions. id-token has been set to both Write and Write-All in many iterations of the job to no success. Please make sure to give write permissions to id-token in the workflow.
• the azure/login v2.1.1 action fails at line 570, the try-catch sends back Login failed with Error: Error message: Cannot read properties of undefined (reading 'message'). Double check if the 'auth-type' is correct. Refer to https://github.com/Azure/login#readme for more information.
• the OIDC token URL appears to be generated , but
• it fails at line 565: const id_token = yield OidcClient.getCall(id_token_url);

Following advice from this post: Azure/login#283

• Both endpoints are available from the internet.
• They are available when using a curl - v command from the runner machine.

However this still results in a failed run with the following information:

The id_token_url (Line 559) variable , when visited via a browser from my machine, or curl -v from the gitRunner machine is always the same response: The user 'System:PublicAccess;aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa' is not authorized to access this resource.
The person assigned to my issue suggested I bring this up here.
Thanks for any assistance.