Trailing # in sso_start_url stripped when parsing shared config files #2369

Closed
gdavison opened this issue Nov 16, 2023 · 1 comment · Fixed by #2371
Labels
bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. p1 This is a high priority issue

Comments

@gdavison
Contributor

Describe the bug

The SSO Start URLs generated by IAM Identity Center include a trailing #, for example https://d-123456789a.awsapps.com/start#. This trailing # is stripped by the parser for shared configuration files.

When used with legacy non-refreshable credentials (https://docs.aws.amazon.com/cli/latest/userguide/sso-configure-profile-legacy.html), the SSO Start URL is used to generate the token file name:

cachedTokenFilepath, err := StandardCachedTokenFilepath(p.options.StartURL)

Because the # is stripped, the file names are different.

Expected Behavior

I would be able to successfully authenticate with a legacy SSO configuration

Current Behavior

I am not able to authenticate, and get an error which contains

failed to refresh cached credentials, the SSO session has expired or is invalid: failed to read cached SSO token file

Reproduction Steps

Add the following files to internal/ini/testdata/valid

start_url

[ default ]
sso_start_url = https://d-123456789a.awsapps.com/start#

start_url_expected

{
    "default": {
        "sso_start_url": "https://d-123456789a.awsapps.com/start#"
    }
}

Run the acceptance test TestValidDataFiles

The result is

=== RUN   TestValidDataFiles
    /Users/gdavison/developer/aws-sdk-go-v2/internal/ini/ini_test.go:75: testdata/valid/start_url: expected https://d-123456789a.awsapps.com/start#, but received https://d-123456789a.awsapps.com/start for profile default
--- FAIL: TestValidDataFiles (0.00s)
FAIL

Possible Solution

No response

Additional Information/Context

No response

AWS Go SDK V2 Module Versions Used

github.com/aws/aws-sdk-go-v2/internal/ini v1.7.0

Compiler and Version used

go version go1.21.0 darwin/arm64

Operating System and version

macOS 13.4.1
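
The mismatch described above, as an added example that is not part of the original issue or the SDK's code: it assumes the cache file name is the lowercase hex SHA-1 of the start URL plus ".json", and `naiveValue` / `strictValue` are hypothetical value parsers, the second showing one possible rule (a comment starts only after whitespace) rather than the fix merged in #2371.

```go
package main

import (
	"crypto/sha1"
	"encoding/hex"
	"fmt"
	"strings"
)

// cacheFileName follows the naming scheme assumed for this example:
// lowercase hex SHA-1 of the start URL plus ".json".
func cacheFileName(startURL string) string {
	sum := sha1.Sum([]byte(startURL))
	return hex.EncodeToString(sum[:]) + ".json"
}

// naiveValue (hypothetical) treats every '#' or ';' as the start of a
// comment, which reproduces the stripping reported in the issue.
func naiveValue(line string) string {
	_, v, _ := strings.Cut(line, "=")
	if i := strings.IndexAny(v, "#;"); i >= 0 {
		v = v[:i]
	}
	return strings.TrimSpace(v)
}

// strictValue (hypothetical) starts a comment only when '#' or ';' follows
// whitespace, so a '#' that is part of the URL is preserved.
func strictValue(line string) string {
	_, v, _ := strings.Cut(line, "=")
	for i := 1; i < len(v); i++ {
		if (v[i] == '#' || v[i] == ';') && (v[i-1] == ' ' || v[i-1] == '\t') {
			v = v[:i]
			break
		}
	}
	return strings.TrimSpace(v)
}

func main() {
	line := "sso_start_url = https://d-123456789a.awsapps.com/start#" // from the issue
	for _, v := range []string{naiveValue(line), strictValue(line)} {
		// Different input strings hash to different cache file names.
		fmt.Printf("%-42s -> %s\n", v, cacheFileName(v))
	}
}
```

A token cached under the name derived from the full URL is never found by a reader that hashes the stripped URL, which matches the "failed to read cached SSO token file" error quoted above.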


⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.
