Describe the bug
When using the SSO session introduced in last November, the access token of the SSO session is used.
If this access token is expiring while the application is running, all requests to AWS will fail.
Expected Behavior
I would expect that the access token of SSO sessions are refresh throughtout the applications lifetime, so AWS requests don't fail.
Current Behavior
The access token of the SSO session is only refreshed when the client gets constructed. If the access token expires throughout the applications lifetime, the AWS calls will fail.
Reproduction Steps
- Make your local AWS config use the SSO sessions.
- Start an application e.g. using an S3 client via:
S3Client.builder().credentialsProvider(ProfileCredentialsProvider.create(SOME_SSO_PROFILE_NAME))
- Keep the application running until the access token of your current session expires.
- Try to call the S3 client.
Possible Solution
When checking the code I found this part:
|
SdkToken sdkToken = tokenProvider.resolveToken(); |
|
Validate.paramNotNull(sdkToken, "Token provided by the TokenProvider is null"); |
|
Supplier<GetRoleCredentialsRequest> supplier = () -> request.toBuilder() |
|
.accessToken(sdkToken.token()) |
|
.build(); |
You can see that resolveToken() is called during construction time. This method refreshes the access token if required.
But the following supplier will simply make use of the given access token.
I'm wondering whether it would be enough to simply call the resolveToken() inside of the supplier for the GetRoleCredentialsRequest, so that the access token gets refreshed beforehand. 🤔
Additional Information/Context
No response
AWS Java SDK version used
2.20.7
JDK version used
17.0.6
Operating System and version
Windows 10 22H2
Describe the bug
When using the SSO session introduced in last November, the access token of the SSO session is used.
If this access token is expiring while the application is running, all requests to AWS will fail.
Expected Behavior
I would expect that the access token of SSO sessions are refresh throughtout the applications lifetime, so AWS requests don't fail.
Current Behavior
The access token of the SSO session is only refreshed when the client gets constructed. If the access token expires throughout the applications lifetime, the AWS calls will fail.
Reproduction Steps
Possible Solution
When checking the code I found this part:
aws-sdk-java-v2/services/sso/src/main/java/software/amazon/awssdk/services/sso/auth/SsoProfileCredentialsProviderFactory.java
Lines 107 to 111 in b74ce8e
You can see that
resolveToken()is called during construction time. This method refreshes the access token if required.But the following supplier will simply make use of the given access token.
I'm wondering whether it would be enough to simply call the
resolveToken()inside of the supplier for theGetRoleCredentialsRequest, so that the access token gets refreshed beforehand. 🤔Additional Information/Context
No response
AWS Java SDK version used
2.20.7
JDK version used
17.0.6
Operating System and version
Windows 10 22H2