okta / okta-aws-cli

A CLI for having Okta as the IdP for AWS CLI operations
https://github.com/okta/okta-aws-cli
Other
128 stars 34 forks

Improve UX around invalid cached token #118

Closed michaeldop closed 1 year ago

michaeldop commented 1 year ago

If I have an access token cached, but it is invalid due to me logging out of my session, I get this error (whether I use the --cache-access-token flag or not)

Error: fetching SSO web token received API response "400 Bad Request", error: "invalid_grant", description: "The 'subject_token' either expired or the session associated with it was terminated."

The only way to get around this issue that I have found is to delete the cached token

rm -rf ~/.okta/awscli-access-token.json

Would it be possible to catch this error and continue on with the login flow and/or remove the cached token?

lw-cchapin commented 1 year ago

114

monde commented 1 year ago

@michaeldop , agreed, that would be better behavior in the cached token flow. I'll see what I can do.

monde commented 1 year ago

Okta internal reference: https://oktainc.atlassian.net/browse/OKTA-643512
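
The behaviour requested in this issue, sketched as an added example (not part of the thread and not okta-aws-cli's code): on `invalid_grant` the stale cache file is removed and the login flow runs instead of the command aborting. `webSSOToken`, `ErrInvalidGrant`, `demoExchange` and the callback signatures are hypothetical, and the cache is treated as a raw token string rather than the tool's JSON file.

```go
package main

import (
	"errors"
	"fmt"
	"os"
)

// ErrInvalidGrant is a hypothetical sentinel for the "invalid_grant" API error.
var ErrInvalidGrant = errors.New("invalid_grant")

// webSSOToken tries the cached access token first; on invalid_grant it deletes
// the cache and runs login. exchange and login stand in for the real API calls.
func webSSOToken(cachePath string, exchange func(string) (string, error), login func() (string, error)) (string, error) {
	if cached, err := os.ReadFile(cachePath); err == nil {
		sso, err := exchange(string(cached))
		if err == nil || !errors.Is(err, ErrInvalidGrant) {
			return sso, err // success, or a failure that does not implicate the cache
		}
		if err := os.Remove(cachePath); err != nil && !errors.Is(err, os.ErrNotExist) {
			return "", fmt.Errorf("removing stale token cache: %w", err)
		}
	}
	fresh, err := login()
	if err != nil {
		return "", err
	}
	// The cache holds a bearer credential: owner read/write only.
	if err := os.WriteFile(cachePath, []byte(fresh), 0o600); err != nil {
		return "", err
	}
	return exchange(fresh)
}

// demoExchange is a constructed stand-in that rejects the token "stale".
func demoExchange(tok string) (string, error) {
	if tok == "stale" {
		return "", ErrInvalidGrant
	}
	return "sso-for-" + tok, nil
}

func main() {
	dir, _ := os.MkdirTemp("", "token-cache-demo") // constructed sample cache location
	defer os.RemoveAll(dir)
	path := dir + "/access-token.json"
	os.WriteFile(path, []byte("stale"), 0o600)
	sso, err := webSSOToken(path, demoExchange, func() (string, error) { return "fresh", nil })
	fmt.Println(sso, err)
}
```

Only `invalid_grant` triggers removal; any other exchange failure leaves the cached token in place so a transient network error does not force a new login.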