aws-toolkit-vscode icon indicating copy to clipboard operation
aws-toolkit-vscode copied to clipboard
verified publisher icon aws

AWS Builder ID credentials expire in one day

Open mrtj opened this issue 1 year ago • 4 comments

Problem

The credentials provided by the AWS Builder ID expire way too quickly. Every morning I open VSCode, the AWS Toolkit plugin bothers me to be re-authenticated, having to click several dialogs in VSCode, then it sends me to the browser where I still have to click three-four times, then I manually have to switch back to VSCode window.

Extend the validity period of these credentials or implement some renewal mechanism, like all decent authentication systems do.

Steps to reproduce the issue

  1. Log in to AWS Toolkit with AWS Builder ID
  2. Wait one day

Expected behavior

I'm still logged in to the AWS Toolkit after one day.

System details (run the AWS: About Toolkit command)

  • OS: Darwin arm64 21.6.0
  • Visual Studio Code extension host: 1.86.2
  • AWS Toolkit: 2.11.0
  • node: 18.17.1
  • electron: 27.2.3

mrtj avatar Feb 29 '24 07:02 mrtj

This is unusual. Are you certain you aren't authenticating through Identity Center (SSO)? The default expiration there is 8 hours, which is controlled by the Identity Center administrator.

Can you provide the Toolkit logs?

  1. In VSCode settings, ensure that "aws log level" is "debug".
  2. Perform the steps to reproduce the issue.
  3. Use the AWS: View Toolkit Logs command to get the logs.
  4. Remove any private info from the logs.

justinmk3 avatar Feb 29 '24 22:02 justinmk3

Hello, here is the log and screenshots of reproducing the bug.

I start with clicking on the expired banner in the status bar: Screenshot 2024-03-01 at 15 28 36

It pops up the switch connection dropdown, I select AWS Builder ID: Screenshot 2024-03-01 at 15 28 48

It asks me two confirmation: Screenshot 2024-03-01 at 15 28 56
Screenshot 2024-03-01 at 15 29 05

(In effect the URL suggest a redirection to the SSO, but I asked for the Builder ID)

It redirects me the following URL: https://view.awsapps.com/start/user-consent/authorize.html?clientld=... and after two confirmation...

Screenshot 2024-03-01 at 15 29 13 Screenshot 2024-03-01 at 15 29 38

It successfully authenticate the VSCode app and for one day I'm again OK.

Screenshot 2024-03-01 at 15 29 45

The extracted logs:

aws_toolkit_logs.txt

mrtj avatar Mar 01 '24 14:03 mrtj

Thanks. Need the logs for after the expiration happens.

justinmk3 avatar Mar 01 '24 20:03 justinmk3

I have the same issue required re-validate AWS connection every time VS Code starts, although I haven't used code whisperer yet. Here's the logs from your instruction above.

2024-03-05 08:50:44 [DEBUG]: command not found: "aws.amazonq.refresh" 2024-03-05 08:50:44 [DEBUG]: command not found: "aws.amazonq.refreshRootNode" 2024-03-05 08:50:44 [DEBUG]: codewhisperer: Connection is valid = false, connection is undefined = true, secondaryAuth connection expired = false 2024-03-05 08:50:44 [DEBUG]: codewhisperer: Connection expired = false, secondaryAuth connection expired = false, connection is undefined = true 2024-03-05 08:50:44 [DEBUG]: codewhisperer: Connection expired = false, secondaryAuth connection expired = false, connection is undefined = true

my AWS Toolkit version is 2.12.0 2024-02-29.

Vinci08 avatar Mar 05 '24 14:03 Vinci08