-
Notifications
You must be signed in to change notification settings - Fork 45
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support token auto refresh #71
Comments
Hello Thank you for this issue. Can you please provide a link to any information you have about the AWS CLI being able to refresh the token? |
Here's official documentation, but it doesn't contain any specific commands that you need call to refresh token: |
Thanks for that. It looks like the refresh is happening automatically whenever the named profile is used. The distinction between a refreshable and non-refreshable token seems to come down to how the profile is defined. Non-refreshable:
Refreshable:
So, if I'll do some testing and see if I can make it work reliably. |
Just spotted this note in the documentation:
|
About refreshing, when token is expired when you are calling aws login - you are still redirected to browser. So it's not refresh, it seems to be relogin. The AWS cli itself doesn't require executing login command to refresh. It refreshes token automatically whenever you are calling any cli command using profile. |
There is a distinct lack of clarity/documentation around what is happening here, unfortunately. I can see two timeouts in the cache file:
This is going to be interesting to see ... but time-consuming to test :). I'll wait to see what happens when I try to use the token at, say, 11:45 and then see what changes in the cache file. |
Hope your tests will go well. I have only So probably you don't need to wait so long to test token refresh. |
Any updates on this? Currently
|
I'm sorry but I've been busy on other work. If anyone wants to have a go at submitting a change, I'd be happy to review it. |
Fixed in version 1.4.0 thanks to @matan129 |
Now AWS supports refresh tokens and in some cases IAM Identity Center returns you a refresh token.
Nowdays, AWS cli is able to refresh token, bur aws2-wrap is not able to do that and just requests to make login insted
The text was updated successfully, but these errors were encountered: