Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
fix: sso credential resolution when sso-session access token requires…
… refresh This commit fixes an issue which caused the SSO credentials provider to fail to resolve credentials if a cached access token associated with an sso-session required a refresh. Reason for the issue is that SSOTokenProvider.load() skips token refresh if another refresh had been kicked off within the last 30 seconds. In this case, SSOTokenProvider.load() was called twice when credentials were being resolved: once from SSOTokenProvider constructor and second time from SsoCredentials.getToken() method. If the access token on disk had expired, the first call to SSOTokenProvider.load() from SSOTokenProvider constructor would kick off async token refresh process. However, if this had not completed before the second call to SSOTokenProvider.load() from SsoCredentials.getToken() was made, SSOTokenProvider.load() would call the SsoCredentials.getToken() callback without a valid token. Because of this, SsoCredentials did not have a valid SSO access token available to fetch AWS credentials and credential resolution failed. Loading the SSO access token with SSOTokenProvider.get() instead of SSOTokenProvider.load() fixes the issue as SSOTokenProvider.get() tracks the calls to .get(), triggers the load just once and invokes all the callbacks when the new token is available. Fixes aws#4441
- Loading branch information