Refresh session tokens #1
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Bumps [req](https://github.com/wojtekmach/req) from 0.5.10 to 0.5.15. - [Release notes](https://github.com/wojtekmach/req/releases) - [Changelog](https://github.com/wojtekmach/req/blob/main/CHANGELOG.md) - [Commits](wojtekmach/req@v0.5.10...v0.5.15) --- updated-dependencies: - dependency-name: req dependency-version: 0.5.15 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
Redshift data API is used for interacting with data in Redshift warehouse. The redshift endpoints are for infrastructure management instead. Adds capabilities to use Redshift Data API documented here: [redshift-data] [redshift-data]: https://docs.aws.amazon.com/redshift-data/latest/APIReference/Welcome.html
Add bedrock endpoints to gov cloud partition
Bump req from 0.5.10 to 0.5.15
Add Redshift Data API endpoints
Bumps [hackney](https://github.com/benoitc/hackney) from 1.24.1 to 1.25.0. - [Release notes](https://github.com/benoitc/hackney/releases) - [Changelog](https://github.com/benoitc/hackney/blob/master/NEWS.md) - [Commits](benoitc/hackney@1.24.1...1.25.0) --- updated-dependencies: - dependency-name: hackney dependency-version: 1.25.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
Bump hackney from 1.24.1 to 1.25.0
Specifically: `(RuntimeError) places not found in partition aws-us-gov`
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Refreshes Application Session tokens after they expire in an hour
Fixes ex-aws#1100
AWS SSO has two different session concepts, Application Session tokens and a sign in session:
https://docs.aws.amazon.com/singlesignon/latest/userguide/authconcept.html#sessionsconcept
Depending on the configured expiration time for the
aws sso loginsession can be valid for up to 90 days, while the "application session" token which is always only valid for 1 hour (I assume this is a security measure so the session can be revoked without waiting a full 90 days). While the sign in session is valid, the refresh token can be used to generate new application session tokens for up to the full 90 days.So we can use the refresh token to retrieve another Application Session token with the
CreateTokencall: https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.htmlHere's the base url: "https://oidc.#{region}.amazonaws.com/token"
And here's an example of the payload (where the
sso_cacheis from~/.aws/sso/cache):TODO: