aws · wty-Bryant · Aug 18, 2023 · Aug 17, 2023 · Aug 17, 2023 · Aug 17, 2023
diff --git a/CHANGELOG_PENDING.md b/CHANGELOG_PENDING.md
@@ -3,3 +3,5 @@
 ### SDK Enhancements
 
 ### SDK Bugs
+* `aws/credentials/ssocreds`: Modify sso token provider logic to handle possible nil val returned by CreateToken.
+  * Fixes [4947](https://github.com/aws/aws-sdk-go/issues/4947)
diff --git a/aws/credentials/ssocreds/token_provider.go b/aws/credentials/ssocreds/token_provider.go
@@ -111,6 +111,15 @@ func (p *SSOTokenProvider) refreshToken(token cachedToken) (cachedToken, error)
 	if err != nil {
 		return cachedToken{}, fmt.Errorf("unable to refresh SSO token, %v", err)
 	}
+	if createResult.ExpiresIn == nil {
+		return cachedToken{}, fmt.Errorf("missing required field ExpiresIn")
+	}
+	if createResult.AccessToken == nil {
+		return cachedToken{}, fmt.Errorf("missing required field AccessToken")
+	}
+	if createResult.RefreshToken == nil {
+		return cachedToken{}, fmt.Errorf("missing required field RefreshToken")
+	}
 
 	expiresAt := nowTime().Add(time.Duration(*createResult.ExpiresIn) * time.Second)