feat(sso): use SSOTokenProvider in SSOCredentialProvider

[kuhe]

Issue

internal JS-3637

Description

• use the SSO token provider if a compatible sso profile format is detected.

Testing

• created SSO organization in test account
• able to call S3 list buckets with unexpired SSO token from file using legacy config format
• able to call S3 list buckets with unexpired SSO token from file using new config format
• able to call S3 list buckets with refresh SSO token from file using new config format

Additional test instructions will be documented internally.

[kuhe]

corresponding v2 PR: aws/aws-sdk-js#4267

[trivikr]

The refresh message provides relevant information. I don't think we should rethrow error here.

Suggested change

	`The SSO session associated with this profile is invalid. ${REFRESH_MESSAGE}\n${e}`,
	`The SSO session associated with this profile is invalid. ${REFRESH_MESSAGE}`,

[kuhe]

I would prefer to have this information when receiving a bug report, for example.

It could say "file not found: ~/.aws/sso/cache/abcde.json". And we would then know the user either didn't do SSO sign in or the filename hash used was wrong

It could alternatively be a JSON parse error (less likely).

[kuhe]

I ended up removing the underlying error, but changed the wording of the thrown error to hint at the file not found issue.

[jacobwgillespie]

@kuhe I am getting the error Cannot read properties of undefined (reading 'sso_session') with code running inside an ECS task after this change. I believe this change here does not account for when profile is undefined.

I believe this should be:

if (profile && profile.sso_session) {

Previously this function would have exited with if (!isSsoProfile(profile)) below, since that checks for undefined.

[niranjan94]

+1 I'm getting the same error Cannot read properties of undefined (reading 'sso_session') when running inside AWS EKS. (Version 3.209.0)

[guiaramos]

+1 getting same error when running inside AWS Elasticbeanstalk (Version 3.209.0):

Nov 13 22:30:24 ip-10-0-2-9 web: TypeError: Cannot read properties of undefined (reading 'sso_session')
Nov 13 22:30:24 ip-10-0-2-9 web: at /var/app/current/node_modules/@aws-sdk/credential-provider-sso/dist-cjs/fromSSO.js:15:21
Nov 13 22:30:24 ip-10-0-2-9 web: at async coalesceProvider (/var/app/current/node_modules/@aws-sdk/property-provider/dist-cjs/memoize.js:14:24)
Nov 13 22:30:24 ip-10-0-2-9 web: at async SignatureV4.credentialProvider (/var/app/current/node_modules/@aws-sdk/property-provider/dist-cjs/memoize.js:33:24)
Nov 13 22:30:24 ip-10-0-2-9 web: at async SignatureV4.signRequest (/var/app/current/node_modules/@aws-sdk/signature-v4/dist-cjs/SignatureV4.js:86:29)
Nov 13 22:30:24 ip-10-0-2-9 web: at async /var/app/current/node_modules/@aws-sdk/middleware-signing/dist-cjs/middleware.js:16:18
Nov 13 22:30:24 ip-10-0-2-9 web: at async StandardRetryStrategy.retry (/var/app/current/node_modules/@aws-sdk/middleware-retry/dist-cjs/StandardRetryStrategy.js:51:46)
Nov 13 22:30:24 ip-10-0-2-9 web: at async /var/app/current/node_modules/@aws-sdk/middleware-logger/dist-cjs/loggerMiddleware.js:6:22
Nov 13 22:30:24 ip-10-0-2-9 web: at async getAWSSecrets (/var/app/current/packages/server/dist/infrastructure/settings/config.factory.js:104:21)
Nov 13 22:30:24 ip-10-0-2-9 web: at async InstanceWrapper.ConfigAWSFactory [as metatype] (/var/app/current/packages/server/dist/infrastructure/settings/config.factory.js:61:21)
Nov 13 22:30:24 ip-10-0-2-9 web: at async Injector.instantiateClass (/var/app/current/node_modules/@nestjs/core/injector/injector.js:344:37)

[kuhe]

Submitted PR to fix #4186

[github-actions]

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs and link to relevant comments in this thread.