emgarten / Sleet

A static nuget feed generator for Azure Storage, AWS S3, and more.
MIT License

AWS SSO Exception #168

Open hutterm opened 1 year ago

hutterm commented 1 year ago

when pointing sleet to a profile with AWS SSO credentials sleet responds with

[System.InvalidOperationException] Assembly AWSSDK.SSOOIDC could not be found or loaded. This assembly must be available at runtime to use Amazon.Runtime.SSOAWSCredentials, AWSSDK.Core, Version=3.3.0.0, Culture=neutral, PublicKeyToken=885c28607f98e604.

for reference, my sleet.json uses "profileName": "aws-dev" and a corresponding entry is in my ~/.aws/config :

[profile aws-dev]
sso_start_url = ...
sso_region = ...
sso_account_id = ...
sso_role_name = ...
region = ...
output = json

I'm getting new credentials with aws sso login --profile aws-dev before, so everything seems to be set up correctly on my side.

Looks like sleet might just need to update its dependency on the aws core sdk libraries?

emgarten commented 1 year ago

Are you using sleet.exe or the dotnet tool package?

I'll take a look at updating to the latest AWS. From the error it looks like a dependency didn't make it into the package or exe.

hutterm commented 1 year ago

dotnet tool

emgarten commented 1 year ago

@hutterm try installing the updated version here: https://www.nuget.org/packages/Sleet/5.1.3

Let me know if your SSO profile works with these changes. If not I may need some help from you to get the AWS profile load correct.

hutterm commented 1 year ago

Can confirm, it works! Thanks a lot!

heads up for anyone that comes across this: I initially hit this ArgumentNullException: Parameter name: Options property cannot be empty: ClientName similar to https://github.com/aws/aws-sdk-net/issues/1821

I worked through that thread and as it turns out my AWS CLI needed an update as well. After that it worked flawlessly when previously logging in with aws sso login --profile ...

emgarten commented 1 year ago

Glad it worked!

Thanks for including help on the client name, I'm sure others will run into that as well.

hutterm commented 1 year ago

@emgarten Just to explain to you quickly what was throwing there. I went through your code to see what was happening.

First finding: your additions here: https://github.com/emgarten/Sleet/pull/170/files#diff-c5ea30c889009ba11fba4fe02f94c6094f2a031e07b079f92e5c1198f07c3e16R182 are actually not being hit! the SSO Credentials are correctly gotten from line 177 already.

Second:

                            if (credFile.TryGetProfile(profileName, out var profile))
                            {
                                // Successfully created the credentials using the profile
                                var awsCredentials = profile.GetAWSCredentials(profileSource: null);
                                ((SSOAWSCredentials)awsCredentials).Options.ClientName = "SSO";
                                ((SSOAWSCredentials)awsCredentials).Options.SsoVerificationCallback = ssoArgs =>
                                    System.Diagnostics.Process.Start(new System.Diagnostics.ProcessStartInfo()
                                    {
                                        FileName = ssoArgs.VerificationUriComplete, UseShellExecute = true
                                    });
                                amazonS3Client = new AmazonS3Client(awsCredentials, config);
                            }

with this code in place, you will actually handle timed out credentials. You probably would need some considerations to not get a CastException if you have other credentials and I'm not sure if you can start a process from every context where Sleet would run, but that code at least opens the browser for me and does the SSO verification and gets a new token. Without that code, if that ClientName and SsoVerificationCallback is missing, that's when you get the ArgumentNullException I talked about here.
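An added example, not part of the original comment and not Sleet's own code: one way to address the two caveats raised above, using a type check instead of a hard cast and a fallback when no browser can be started. The class name `SsoProfileClient`, the https-only check and the console fallback are assumptions made for illustration.

```csharp
using System;
using System.Diagnostics;
using Amazon.Runtime;
using Amazon.Runtime.CredentialManagement;
using Amazon.S3;

// Hypothetical helper (not part of Sleet): builds an S3 client from a named profile.
public static class SsoProfileClient
{
    public static AmazonS3Client Create(string profileName, AmazonS3Config config)
    {
        var credFile = new CredentialProfileStoreChain();
        if (!credFile.TryGetProfile(profileName, out var profile))
            throw new ArgumentException($"AWS profile '{profileName}' was not found.");

        var awsCredentials = profile.GetAWSCredentials(profileSource: null);

        // Type check instead of a cast: access-key or assume-role profiles are
        // not SSOAWSCredentials and pass through without an InvalidCastException.
        if (awsCredentials is SSOAWSCredentials sso)
        {
            sso.Options.ClientName = "SSO"; // must be non-empty, as noted in the thread
            sso.Options.SsoVerificationCallback = args =>
                OpenVerificationPage(args.VerificationUriComplete);
        }
        return new AmazonS3Client(awsCredentials, config);
    }

    private static void OpenVerificationPage(string verificationUri)
    {
        // The string is handed to the OS shell, so accept only an absolute https URL.
        if (!Uri.TryCreate(verificationUri, UriKind.Absolute, out var uri)
            || uri.Scheme != Uri.UriSchemeHttps)
            throw new InvalidOperationException("Unexpected SSO verification URI.");

        try
        {
            Process.Start(new ProcessStartInfo { FileName = uri.AbsoluteUri, UseShellExecute = true });
        }
        catch (Exception)
        {
            // No desktop or browser (CI agent, container): print the URL so the
            // sign-in can be completed from another machine.
            Console.Error.WriteLine($"Complete AWS SSO sign-in at: {uri.AbsoluteUri}");
        }
    }
}
```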

emgarten commented 10 months ago

I would be happy to take a PR that improves the SSO experience. I don't have an AWS account that signs in this way which makes it difficult for me to improve this myself.