fix: sso credential resolution when sso-session access token requires a refresh #4443

Merged
merged 1 commit into from
May 22, 2024

Commits on Jun 10, 2023

  1. fix: sso credential resolution failure when sso-session access token requires a refresh
    
    This commit fixes an issue which caused the SSO credentials provider to
    fail to resolve credentials if a cached access token associated with an
    sso-session required a refresh.
    
    Reason for the issue is that SSOTokenProvider.load() skips token refresh
    if another refresh had been kicked off within the last 30 seconds. In
    this case, SSOTokenProvider.load() was called twice when credentials
    were being resolved: once from SSOTokenProvider constructor (via .get())
    and second time from SsoCredentials.getToken() method.
    
    If the access token on disk had expired, the first call to
    SSOTokenProvider.load() from SSOTokenProvider constructor kicked off
    a token refresh. When SsoCredentials.getToken() called
    SSOTokenProvider.load() again immediately, SSOTokenProvider would skip
    the token refresh and invoke the SsoCredentials.getToken() callback
    without having a valid token.
    
    Because of this, SsoCredentials did not get a valid SSO access token
    from SSOTokenProvider and it could not fetch AWS credential from AWS
    IAM Identity Center.
    
    Loading the SSO access token with SSOTokenProvider.get() instead of
    SSOTokenProvider.load() fixes the issue as SSOTokenProvider.get()
    tracks the calls to .get(), triggers the load just once and invokes
    all the callbacks when the new token is available.
    
    This way SsoCredentials.getToken() will receive a valid access token
    once the initial load kicked off by the SSOTokenProvider constructor
    completes and SsoCredentials can use the refreshed token to fetch AWS
    credentials from AWS IAM Identity Center.
    
    Fixes aws#4441
    sjakthol committed Jun 10, 2023
    db0ebf1
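
The double-load behaviour described in the commit message, as an added model that is not code from this PR or from the AWS SDK. `ModelTokenProvider`, `completeRefresh` and `tokenSeenByCredentials` are hypothetical names, and calling back with the stale cached token when a refresh is skipped is a modelling assumption.

```javascript
// Simplified model (not SDK code); class and helper names are hypothetical.
const REFRESH_DEBOUNCE_MS = 30 * 1000; // the 30-second window from the commit message

class ModelTokenProvider {
  constructor(cachedToken, now) {
    this.token = cachedToken;          // { value, expiresAt }
    this.now = now;                    // injectable clock for a deterministic run
    this.lastRefreshAttempt = -Infinity;
    this.inFlight = [];                // callbacks waiting on the running refresh
    this.waiters = null;               // callbacks coalesced by get()
    this.get(() => {});                // constructor kicks off the initial load
  }
  load(callback) {
    if (this.token.expiresAt > this.now()) return callback(null, this.token);
    if (this.now() - this.lastRefreshAttempt < REFRESH_DEBOUNCE_MS) {
      // Refresh skipped: the caller is called back with the stale cached token.
      return callback(null, this.token);
    }
    this.lastRefreshAttempt = this.now();
    this.inFlight.push(callback);      // answered when the refresh completes
  }
  get(callback) {
    if (this.waiters) return void this.waiters.push(callback);
    this.waiters = [callback];
    this.load((err, token) => {
      const waiters = this.waiters;
      this.waiters = null;
      waiters.forEach((cb) => cb(err, token));
    });
  }
  completeRefresh(newToken) {          // stands in for the token service response
    this.token = newToken;
    this.inFlight.splice(0).forEach((cb) => cb(null, newToken));
  }
}

// method is what the credentials provider uses to read the token: 'load' or 'get'.
function tokenSeenByCredentials(method) {
  const clock = 1000000;               // constructed sample time in milliseconds
  const provider = new ModelTokenProvider({ value: 'expired', expiresAt: 0 }, () => clock);
  let seen = 'no callback yet';
  provider[method]((err, token) => { seen = token.value; });
  const early = seen;                  // state before the refresh has completed
  provider.completeRefresh({ value: 'refreshed', expiresAt: clock + 3600000 });
  return { early, final: seen };
}

console.log(tokenSeenByCredentials('load')); // second call via load(), as before the fix
console.log(tokenSeenByCredentials('get'));  // second call via get(), as after the fix
```

With `load`, the credentials callback fires immediately with the expired token and never sees the refreshed one; with `get`, it is held until the refresh started by the constructor completes.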