feat(credential-provider-sso): use SSOTokenProvider when new config format is detected

Author: kuhe

packages/credential-provider-sso/src/resolveSSOCredentials.ts

@@ -10,7 +10,7 @@ import { FromSSOInit, SsoCredentialsParameters } from "./fromSSO";
  * The time window (15 mins) that SDK will treat the SSO token expires in before the defined expiration date in token.
  * This is needed because server side may have invalidated the token before the defined expiration date.
  *
- * @internal
+ * @private
  */
 const EXPIRE_WINDOW_MS = 15 * 60 * 1000;
 

packages/shared-ini-file-loader/src/getSSOTokenFilepath.ts

@@ -6,8 +6,8 @@ import { getHomeDir } from "./getHomeDir";
 /**
  * Returns the filepath of the file where SSO token is stored.
  */
-export const getSSOTokenFilepath = (ssoStartUrl: string) => {
+export const getSSOTokenFilepath = (id: string) => {
   const hasher = createHash("sha1");
-  const cacheName = hasher.update(ssoStartUrl).digest("hex");
+  const cacheName = hasher.update(id).digest("hex");
   return join(getHomeDir(), ".aws", "sso", "cache", `${cacheName}.json`);
 };

packages/shared-ini-file-loader/src/getSSOTokenFromFile.ts

@@ -53,10 +53,11 @@ export interface SSOToken {
 }
 
 /**
+ * @param id - can be either a start URL or the SSO session name.
  * Returns the SSO token from the file system.
  */
-export const getSSOTokenFromFile = async (ssoStartUrl: string) => {
-  const ssoTokenFilepath = getSSOTokenFilepath(ssoStartUrl);
+export const getSSOTokenFromFile = async (id: string) => {
+  const ssoTokenFilepath = getSSOTokenFilepath(id);
   const ssoTokenText = await readFile(ssoTokenFilepath, "utf8");
   return JSON.parse(ssoTokenText) as SSOToken;
 };

packages/token-providers/src/fromSso.spec.ts

@@ -123,7 +123,7 @@ describe(fromSso.name, () => {
     const mockError = new Error("mockError");
     (getSSOTokenFromFile as jest.Mock).mockRejectedValue(mockError);
     const expectedError = new TokenProviderError(
-      `The SSO session associated with this profile is invalid. ${REFRESH_MESSAGE}`,
+      `The SSO session associated with this profile is invalid. ${REFRESH_MESSAGE}\n${mockError}`,
       false
     );
     await expect(fromSso(mockInit)()).rejects.toStrictEqual(expectedError);
@@ -214,7 +214,8 @@ describe(fromSso.name, () => {
       expect(validateTokenKey).toHaveBeenNthCalledWith(
         (validateTokenKey as jest.Mock).mock.calls.length,
         key,
-        mockSsoToken[key]
+        mockSsoToken[key],
+        true
       );
     }
   );

packages/token-providers/src/fromSso.ts

@@ -68,10 +68,10 @@ export const fromSso =
 
     let ssoToken: SSOToken;
     try {
-      ssoToken = await getSSOTokenFromFile(ssoStartUrl);
+      ssoToken = await getSSOTokenFromFile(ssoSessionName);
     } catch (e) {
       throw new TokenProviderError(
-        `The SSO session associated with this profile is invalid. ${REFRESH_MESSAGE}`,
+        `The SSO session associated with this profile is invalid. ${REFRESH_MESSAGE}\n${e}`,
         false
       );
     }
@@ -93,9 +93,9 @@ export const fromSso =
       return existingToken;
     }
 
-    validateTokenKey("clientId", ssoToken.clientId);
-    validateTokenKey("clientSecret", ssoToken.clientSecret);
-    validateTokenKey("refreshToken", ssoToken.refreshToken);
+    validateTokenKey("clientId", ssoToken.clientId, true);
+    validateTokenKey("clientSecret", ssoToken.clientSecret, true);
+    validateTokenKey("refreshToken", ssoToken.refreshToken, true);
 
     try {
       lastRefreshAttemptTime.setTime(Date.now());

packages/token-providers/src/validateTokenKey.spec.ts

@@ -9,7 +9,16 @@ describe(validateTokenKey.name, () => {
     const value = undefined;
 
     expect(() => validateTokenKey(key, value)).toThrow(
-      new TokenProviderError(`Value not present for '${key}' in SSO Token'. ${REFRESH_MESSAGE}`, false)
+      new TokenProviderError(`Value not present for '${key}' in SSO Token. ${REFRESH_MESSAGE}`, false)
+    );
+  });
+
+  it("specifies whether validation was for refresh", () => {
+    const key = "key";
+    const value = undefined;
+
+    expect(() => validateTokenKey(key, value, true)).toThrow(
+      new TokenProviderError(`Value not present for '${key}' in SSO Token. Cannot refresh. ${REFRESH_MESSAGE}`, false)
     );
   });
 

packages/token-providers/src/validateTokenKey.ts

@@ -5,8 +5,11 @@ import { REFRESH_MESSAGE } from "./constants";
 /**
  * Throws TokenProviderError if value is undefined for key.
  */
-export const validateTokenKey = (key: string, value: unknown) => {
+export const validateTokenKey = (key: string, value: unknown, forRefresh = false) => {
   if (typeof value === "undefined") {
-    throw new TokenProviderError(`Value not present for '${key}' in SSO Token'. ${REFRESH_MESSAGE}`, false);
+    throw new TokenProviderError(
+      `Value not present for '${key}' in SSO Token${forRefresh ? ". Cannot refresh" : ""}. ${REFRESH_MESSAGE}`,
+      false
+    );
   }
 };

packages/token-providers/src/writeSSOTokenToFile.ts

@@ -5,10 +5,10 @@ import { promises as fsPromises } from "fs";
 const { writeFile } = fsPromises;
 
 /**
- * Writes SSO token to file based on filepath computed from ssoStartUrl.
+ * Writes SSO token to file based on filepath computed from ssoStartUrl or session name.
  */
-export const writeSSOTokenToFile = (ssoStartUrl: string, ssoToken: SSOToken) => {
-  const tokenFilepath = getSSOTokenFilepath(ssoStartUrl);
+export const writeSSOTokenToFile = (id: string, ssoToken: SSOToken) => {
+  const tokenFilepath = getSSOTokenFilepath(id);
   const tokenString = JSON.stringify(ssoToken, null, 2);
   return writeFile(tokenFilepath, tokenString);
 };