The fromWebIdentity passes to fetchAuthInBackground the action that performs the AssumeRoleWithWebIdentity [1]. AssumeRoleWithWebIdentity may throw ServiceError (as exception Amazonka.Types.Error), not just HTTPException. However, fetchAuthInBackground catches and throws only HTTPException to the original thread by throwTo, leaving other exceptions to the default handler [2]. Thus, if a ServiceError is thrown, the temporary credential update will be interrupted without the original thread being aware of it.
So, I believe that fetchAuthInBackground should either re-throw other exceptions raised by the action to the original thread or have some error recovery method.
The
fromWebIdentitypasses tofetchAuthInBackgroundthe action that performs theAssumeRoleWithWebIdentity[1].AssumeRoleWithWebIdentitymay throwServiceError(as exceptionAmazonka.Types.Error), not justHTTPException. However,fetchAuthInBackgroundcatches and throws onlyHTTPExceptionto the original thread bythrowTo, leaving other exceptions to the default handler [2]. Thus, if aServiceErroris thrown, the temporary credential update will be interrupted without the original thread being aware of it.So, I believe that
fetchAuthInBackgroundshould either re-throw other exceptions raised by the action to the original thread or have some error recovery method.[1] https://github.com/brendanhay/amazonka/blob/ea8679437dd93d2dea74521285d6260d60cea966/lib/amazonka/src/Amazonka/Auth/STS.hs#L80-L94
[2] Because the
RetrievalErrorconstructor accepts an argument of typeHTTPException,emust be of the same type: https://github.com/brendanhay/amazonka/blob/ea8679437dd93d2dea74521285d6260d60cea966/lib/amazonka/src/Amazonka/Auth/Background.hs#L63-L65