Expired refresh token right after logging in

[ductm2205]

Describe the bug

I'm trying to login to aws cli using aws login, and after I finished logging in to my account once the login page popped up, it returns this error:

aws: [ERROR]: An error occurred (AccessDeniedException) when calling the CreateOAuth2Token operation: The refresh token has expired.

this is my current aws cli version:

aws --version
aws-cli/2.34.50 Python/3.14.4 Linux/6.6.87.2-microsoft-standard-WSL2 exe/x86_64.ubuntu.26

Regression Issue

• Select this option if this issue appears to be a regression.

Expected Behavior

Login successfully and save credentials to ~/.aws/login/cache

Current Behavior

Returning this error:

aws: [ERROR]: An error occurred (AccessDeniedException) when calling the CreateOAuth2Token operation: The refresh token has expired.

Reproduction Steps

None

Possible Solution

No response

Additional Information/Context

this is the response from the server:

2026-05-21 03:00:35,401 - MainThread - botocore.parsers - DEBUG - Response headers: {'Date': 'Thu, 21 May 2026 03:00:00 GMT', 'Content-Type': 'application/json', 'Transfer-Encoding': 'chunked', 'Connection': 'keep-alive', 'X-Amzn-RequestId': 'X-Amzn-Trace-Id=Root=1-6a0e7530-472255200ec97fbd019f48a2;RequestId=be47a006-cccb-4f0d-a92f-8fbf1c011b85', 'Set-Cookie': 'aws-ubid-main=830-6183717-4316278; Domain=.amazon.com; Max-Age=31536000; Path=/; Secure; HttpOnly; SameSite=None', 'X-Frame-Options': 'DENY', 'X-UA-Compatible': 'IE=Edge', 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains', 'X-Content-Type-Options': 'nosniff', 'X-XSS-Protection': '1; mode=block', 'Cache-Control': 'no-store', 'Content-Security-Policy': "default-src 'none' https://*.monitoring.iam.signin.aws https://aws.amazon.com https://*.signin.aws.amazon.com https://signin.aws.amazon.com https://*.analytics.console.aws.a2z.com https://*.feedback.console.aws.dev 'nonce-gu7p7McL9dwotZc8lBQwrw=='; script-src 'self' https://aws.amazon.com https://*.signin.aws.amazon.com https://signin.aws.amazon.com https://d1dgtfo2wk29o4.cloudfront.net/fwcim.js https://m.media-amazon.com https://l0.awsstatic.com https://images-na.ssl-images-amazon.com 'report-sample' https://cdn.us-east-1.threat-mitigation.aws.amazon.com https://a0.awsstatic.com/s_code/js/3.0/awshome_s_code_registration.min.js 'nonce-gu7p7McL9dwotZc8lBQwrw=='; style-src 'self' https://aws.amazon.com https://*.signin.aws.amazon.com https://signin.aws.amazon.com https://aws-signin-website-assets.s3.amazonaws.com https://l0.awsstatic.com https://images-na.ssl-images-amazon.com 'unsafe-inline'; font-src data: 'self';; img-src 'self' data: https://*.signin.aws.amazon.com https://signin.aws.amazon.com https://opfcaptcha-prod.s3.amazonaws.com https://amcs-captcha-prod-us-east-1.s3.dualstack.us-east-1.amazonaws.com https://amcs-captcha-prod-us-east-1.s3.us-east-1.amazonaws.com https://images-na.ssl-images-amazon.com https://d1.awsstatic.com https://internal-cdn.amazon.com https://media.amazonwebservices.com https://d36cz9buwru1tt.cloudfront.net https://d0.awsstatic.com; media-src 'self' https://*.signin.aws.amazon.com https://signin.aws.amazon.com https://media.amazonwebservices.com https://d36cz9buwru1tt.cloudfront.net https://opfcaptcha-prod.s3.amazonaws.com https://amcs-captcha-prod-us-east-1.s3.dualstack.us-east-1.amazonaws.com https://amcs-captcha-prod-us-east-1.s3.us-east-1.amazonaws.com; frame-src 'self' https://aws.amazon.com https://*.signin.aws.amazon.com https://signin.aws.amazon.com https://*.analytics.console.aws.a2z.com https://cdn.us-east-1.threat-mitigation.aws.amazon.com; report-uri /metrics/cspreport; base-uri 'none'; upgrade-insecure-requests;", 'X-Amzn-Errortype': 'AccessDeniedException', 'vary': 'accept-encoding', 'Server': 'Server'}
2026-05-21 03:00:35,401 - MainThread - botocore.parsers - DEBUG - Response body:
b'{"error":"TOKEN_EXPIRED","message":"The refresh token has expired."}'

CLI version used

2.34.50

Environment details (OS name and version, etc.)

WSL Ubuntu 26.04