fix(credential-provider-node): only skip sso init if all sso fields a…

…re not present (#5746)
aws · Jan 30, 2024 · b0b840a · b0b840a
1 parent b87f5e0
commit b0b840a
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 2 deletions.
diff --git a/packages/credential-provider-node/src/defaultProvider.spec.ts b/packages/credential-provider-node/src/defaultProvider.spec.ts
@@ -128,6 +128,16 @@ describe(defaultProvider.name, () => {
     expect(fromSSO).not.toHaveBeenCalled();
   });
 
+  it("incomplete sso information should still engage the SSO provider", async () => {
+    await defaultProvider({})();
+    expect(fromSSO).not.toHaveBeenCalled();
+
+    await defaultProvider({
+      ssoRegion: "a-test-region",
+    })();
+    expect(fromSSO).toHaveBeenCalled();
+  });
+
   describe(credentialsTreatedAsExpired.name, () => {
     const mockDateNow = Date.now();
     beforeEach(async () => {

diff --git a/packages/credential-provider-node/src/defaultProvider.ts b/packages/credential-provider-node/src/defaultProvider.ts
@@ -66,8 +66,8 @@ export const defaultProvider = (init: DefaultProviderInit = {}): MemoizedProvide
           ]),
       async () => {
         init.logger?.debug("@aws-sdk/credential-provider-node", "defaultProvider::fromSSO");
-        const { ssoStartUrl, ssoAccountId, ssoRegion, ssoRoleName } = init;
-        if (!ssoStartUrl || !ssoAccountId || !ssoRegion || !ssoRoleName) {
+        const { ssoStartUrl, ssoAccountId, ssoRegion, ssoRoleName, ssoSession } = init;
+        if (!ssoStartUrl && !ssoAccountId && !ssoRegion && !ssoRoleName && !ssoSession) {
           throw new CredentialsProviderError(
             "Skipping SSO provider in default chain (inputs do not include SSO fields)."
           );