
Commit

fix: sso credential resolution when sso-session access token requires refresh

This commit fixes an issue which caused the SSO credentials provider to
fail to resolve credentials if a cached access token associated with an
sso-session required a refresh.

Reason for the issue is that SSOTokenProvider.load() skips token refresh
if another refresh had been kicked off within the last 30 seconds. In
this case, SSOTokenProvider.load() was called twice when credentials
were being resolved: once from SSOTokenProvider constructor and second
time from SsoCredentials.getToken() method.

If the access token on disk had expired, the first call to
SSOTokenProvider.load() from SSOTokenProvider constructor would kick
off async token refresh process. However, if this had not completed
before the second call to SSOTokenProvider.load() from
SsoCredentials.getToken() was made, SSOTokenProvider.load() would call
the SsoCredentials.getToken() callback without a valid token.

Because of this, SsoCredentials did not have a valid SSO access token
available to fetch AWS credentials and credential resolution failed.

Loading the SSO access token with SSOTokenProvider.get() instead of
SSOTokenProvider.load() fixes the issue as SSOTokenProvider.get()
tracks the calls to .get(), triggers the load just once and invokes
all the callbacks when the new token is available.

Fixes aws#4441
sjakthol committed Jun 10, 2023
1 parent cae1321 commit 0284bdf
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion lib/credentials/sso_credentials.js
Expand Up @@ -176,7 +176,7 @@ AWS.SsoCredentials = AWS.util.inherit(AWS.Credentials, {
var ssoTokenProvider = new AWS.SSOTokenProvider({
profile: profileName,
});
ssoTokenProvider.load(function (err) {
ssoTokenProvider.get(function (err) {
if (err) {
return callback(err);
}
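Review bot: The call changed to ssoTokenProvider.get(function (err) { ... }) comes with no test and no comment, since the commit touches only lib/credentials/sso_credentials.js, so nothing stops a later cleanup from switching it back to .load() and reintroducing the failure. Suggest adding a unit test in which the cached sso-session access token is expired and the refresh started by the SSOTokenProvider constructor is still in flight when this call runs, asserting that the callback only fires once a valid token is available. A one-line comment above the call, noting that .load() skips the refresh when another one was kicked off within the last 30 seconds, would also record why .get() is required here.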