twine-upload: only do OIDC flow when user is token

Signed-off-by: William Woodruff <[email protected]>

Author: woodruffw

twine-upload.sh

@@ -39,7 +39,7 @@ INPUT_VERIFY_METADATA="$(get-normalized-input 'verify-metadata')"
 INPUT_SKIP_EXISTING="$(get-normalized-input 'skip-existing')"
 INPUT_PRINT_HASH="$(get-normalized-input 'print-hash')"
 
-if [[ -z "${INPUT_PASSWORD}" ]] ; then
+if [[ "${INPUT_USER}" == "__token__" && -z "${INPUT_PASSWORD}" ]] ; then
     # No password supplied by the user implies that we're in the OIDC flow;
     # retrieve the OIDC credential and exchange it for a PyPI API token.
     echo "::notice::in OIDC flow"