This pull request addresses an issue where users with expired sessions in their browsers encounter repeated authentication failures when running the okta-aws-cli web command. Previously, the tool would attempt to authenticate twice and display an error message: "Cached access token appears to be stale...". However, it did not provide clear guidance on how to resolve the issue.
Changes Made:
Updated the NewWebCommand function to check after two failed authentication attempts.
If the authentication fails due to an invalid_grant error after retries, the tool now informs the user to log out of Okta in their
browser and log back in.
Added user-friendly messaging to guide users through resolving the expired session issue.
Impact:
Enhances user experience by providing clear instructions to resolve authentication issues caused by expired browser sessions.
Reduces confusion and potential support requests related to stale cached tokens.
This pull request addresses an issue where users with expired sessions in their browsers encounter repeated authentication failures when running the okta-aws-cli web command. Previously, the tool would attempt to authenticate twice and display an error message: "Cached access token appears to be stale...". However, it did not provide clear guidance on how to resolve the issue.
Changes Made:
Updated the NewWebCommand function to check after two failed authentication attempts.
If the authentication fails due to an invalid_grant error after retries, the tool now informs the user to log out of Okta in their browser and log back in.
Added user-friendly messaging to guide users through resolving the expired session issue.
Impact:
see: https://github.com/okta/okta-aws-cli/issues/153#issuecomment-2400510923