Trusted Publishers: The Game

You are a hacker hired by the PyPI package maintainers to test their new 'trusted publishing' system that uses OIDC to securely publish packages. Your task is to break into the system and steal the secret identity token needed to publish a malicious package. But the only way to get it is by solving a series of cryptographic puzzles that get progressively harder.