Closed es50678 closed 1 year ago
Hey thanks for reporting. I think I get a glimpse about procedural issue there. But. let me try to reproduce and confirm. Yah feel free to look around the code, there. 🙂
looks like it's not a problem that only happens on start up, just tried it again this morning:
❯ yawsso
Current cached SSO login is expired since 2022-07-02T01:53:56-04:00. Try login again.
❯ export AWS_PROFILE=devAdmin
❯ yawsso
Current cached SSO login is expired since 2022-07-02T01:53:56-04:00. Try login again.
❯ aws sso login
Attempting to automatically open the SSO authorization page in your default browser.
...
Successfully logged into Start URL: https://staxlabs.awsapps.com/start#/
❯ yawsso
Current cached SSO login is expired since 2022-07-02T01:53:16-04:00. Try login again.
❯ export AWS_PROFILE=prodAdmin
❯ yawsso
Current cached SSO login is expired since 2022-07-02T01:53:16-04:00. Try login again.
❯ aws sso login
Attempting to automatically open the SSO authorization page in your default browser.
...
Successfully logged into Start URL: https://d-92677f5210.awsapps.com/start#/
❯ yawsso
> SUCCESS
❯
it also looks to be more complicated that i originally thought... as the order of the profiles in my config
file changed. Before, prodDeveloper
was first, but this morning it was prodAdmin
.
It worked after I did aws sso login
with prodAdmin
when last time it worked when I did prodDeveloper
, i didn't get to try prodDeveloper
this time.
Maybe i was wayyy off in my original report on what the possible problem is?
Will look into it more if i have time today.
Some more info from todays login, I think I'm getting close to the problem now...
so... I was trying to find out where yawsso gets the timestamp from Current cached SSO login is expired since 2022-07-05T21:50:44-04:00.. Try login again.
found it in ~/.aws/sso/cache/FILE-1
{
"startUrl": "START-URL-1",
"expiresAt": "2022-07-05T21:50:44Z"
}
Then I did a login and noticed a tid-bit:
❯ yawsso login --profile prodDeveloper
Successfully logged into Start URL: REDACTED
Current cached SSO login is expired since 2022-07-05T21:51:53-04:00. Try login again.
kept digging and found:
FILE-1
had been updated to show 2022-07-07T03:47:11Z
the timestamp from the last line of the output of my login attempt is the same as the timestamp in ~/.aws/sso/cache/FILE-2
{
"startUrl": "START-URL-2",
"expiresAt": "2022-07-05T21:51:53Z"
}
which is VERY interesting because I also noticed... ... in my credentials file, it only updated the credentials for 3/5 of my profiles
[prodAdmin]
aws_session_expiration = 2022-07-05T23:35:10+0000 <-- NOT UPDATED
[devAdmin]
aws_session_expiration = 2022-07-05T23:35:11+0000 <-- NOT UPDATED
[prodDeveloper]
aws_session_expiration = 2022-07-07T07:47:11+0000
[prodQABuilder]
aws_session_expiration = 2022-07-07T07:47:12+0000
[prodLeadDeveloper]
aws_session_expiration = 2022-07-07T07:47:13+0000
infact, the only difference between the start-urls for the two sessions is that one uses the account id and the other the account alias.
I deleted the cache folder, ran aws sso login
, then yawsso
and everything went smoothly.
So... I think that's it. Feel free to close this if you want, only thing I can think to do is maybe add some messaging around it?
Thanks for forensic.
Right! 2 SSO cache files from 2 SSO sessions. I will see if I can reproduce that -- might be handy to see your ~/.aws/config
profiles counterpart on SSO setup there. If you can share, pls kindly REDACTED/mock them. I only need to know general config structure in there.
If you think yawsso
is still producing the correct behaviour, we can close the issue, yes. We could drop a note in Wiki tab -- so that it helps next user who might encounter.
Hello,
On first time use...
I have 4 sso profiles in my config:
I have
prodAdmin
cached, but nothing else and try to runyawsso
I then login for
prodDeveloper
and everything worksI'm not sure if this is also a problem after the first time use, but I wanted to document it while I could.
I'll also try to take a look into the code base, i want more experience with python and hopefully I can hack it out.