Closed nikitaromm closed 1 week ago
@nikitaromm is the OIDC client id the same for each invocation? The cached access token is bound to the client id.
@monde yes, we are using the same OIDC client id for each invocation. It worked in the past and we were able to use the same token for 15+ AWS accounts with no problem.
@nikitaromm thanks for the confirmation. I'm interested to see what this odd and apparently deterministic behavior is all about.
@monde sure, please let me know which details you require.
Version:
okta-aws-cli version v2.1.2

Description:
Currently, when utilizing okta-aws-cli for multiple accounts within a loop while setting OKTA_AWSCLI_CACHE_ACCESS_TOKEN=true, after every 3 accounts, it disregards the $HOME/.okta/awscli-access-token.json file and prompts for re-authentication.

Steps to Reproduce:
OKTA_AWSCLI_CACHE_ACCESS_TOKEN=true okta-aws-cli for multiple accounts in a loop

Expected Behavior:
The expectation is that the same $HOME/.okta/awscli-access-token.json token remains valid and can be utilized seamlessly across all accounts within the loop without the need for re-authentication.