search

common-fate / granted

The easiest way to access your cloud.
https://granted.dev
MIT License
1.04k stars 93 forks source link

UnauthorizedException: Session token not found or invalid #715

Open jrwpatterson opened 1 month ago

jrwpatterson commented 1 month ago

Sorry I have a new error any idea whats causing it or how I can fix it very annoying!


> assume AdministratorAccess-prod --env
2024/07/18 15:15:32 [keyring] Considering backends: [keychain]
2024/07/18 15:15:32 [keyring] Querying keychain for service="granted-aws-sso-tokens", account="https://d-.awsapps.com/start/base", keychain="login.keychain"
2024/07/18 15:15:32 [keyring] No results found
[DEBUG] error retrieving IAM Identity Center token from secure storage: The specified item could not be found in the keyring
2024/07/18 15:15:32 [keyring] Considering backends: [keychain]
2024/07/18 15:15:32 [keyring] Checking keychain status
2024/07/18 15:15:32 [keyring] Keychain status returned nil, keychain exists
2024/07/18 15:15:32 [keyring] Keychain item trusts keyring
2024/07/18 15:15:32 [keyring] Adding service="granted-aws-sso-tokens", label="", account="https://d-.awsapps.com/start/base", trusted=true to osx keychain "login.keychain"
2024/07/18 15:15:32 [keyring] Considering backends: [keychain]
2024/07/18 15:15:32 [keyring] Removing keychain item service="granted-aws-sso-tokens", account="https://d-.awsapps.com/start/", keychain "login.keychain"
[DEBUG] clearing sso token from the credentials cache: The specified item could not be found in the keyring
[✘] operation error SSO: GetRoleCredentials, https response error StatusCode: 401, RequestID: 2db0d626-ca69-4e1a-a5e4-28cb820828d2, UnauthorizedException: Session token not found or invalid```
samudurand commented 1 month ago

Same here, it suddently stopped working

chrnorm commented 1 month ago

Related issue and PR from the folks over at aws-vault, looks like we may need a similar sort of handling here.

As a workaround, @jrwpatterson @samudurand could you please run

granted cache clear --storage=sso-token

and let me know if this fixes the issue for you?

samudurand commented 1 month ago

Thanks! That did the trick for me. Interestingly if you already successfully logged in via the standard aws sso login, and you set your AWS_PROFILE then the assume command works as well, in a fashion, it says "token valid for 12h" or similar

jrwpatterson commented 1 month ago

Not for me!