schubergphilis
Login seems to be broken since two days.
Tested with version 3.1.3, this broke sometime around 2023-03-21T00:30+01:00 according to our logs. Looks like the oauth SSO login portion is not finding the expected Location header in the initial response and breaking down.
Traceback (most recent call last):
File "foobar.py", line 4, in <module>
sso = Sso('*****')
File "/root/.cache/pypoetry/virtualenvs/sso-user-inventoryy-ePbjsISL-py3.9/lib/python3.9/site-packages/awsapilib/sso/sso.py", line 100, in __init__
self.session = self._get_authenticated_session()
File "/root/.cache/pypoetry/virtualenvs/sso-user-inventoryy-ePbjsISL-py3.9/lib/python3.9/site-packages/awsapilib/sso/sso.py", line 178, in _get_authenticated_session
return self.aws_authenticator.get_sso_authenticated_session()
File "/root/.cache/pypoetry/virtualenvs/sso-user-inventoryy-ePbjsISL-py3.9/lib/python3.9/site-packages/awsapilib/authentication/authentication.py", line 455, in get_sso_authenticated_session
oauth = self._get_response(hash_args.headers.get('Location'),
File "/root/.cache/pypoetry/virtualenvs/sso-user-inventoryy-ePbjsISL-py3.9/lib/python3.9/site-packages/awsapilib/authentication/authentication.py", line 272, in _get_response
response = requests.get(**arguments)
File "/root/.cache/pypoetry/virtualenvs/sso-user-inventoryy-ePbjsISL-py3.9/lib/python3.9/site-packages/requests/api.py", line 75, in get
return request('get', url, params=params, **kwargs)
File "/root/.cache/pypoetry/virtualenvs/sso-user-inventoryy-ePbjsISL-py3.9/lib/python3.9/site-packages/requests/api.py", line 61, in request
return session.request(method=method, url=url, **kwargs)
File "/root/.cache/pypoetry/virtualenvs/sso-user-inventoryy-ePbjsISL-py3.9/lib/python3.9/site-packages/requests/sessions.py", line 528, in request
prep = self.prepare_request(req)
File "/root/.cache/pypoetry/virtualenvs/sso-user-inventoryy-ePbjsISL-py3.9/lib/python3.9/site-packages/requests/sessions.py", line 456, in prepare_request
p.prepare(
File "/root/.cache/pypoetry/virtualenvs/sso-user-inventoryy-ePbjsISL-py3.9/lib/python3.9/site-packages/requests/models.py", line 316, in prepare
self.prepare_url(url, params)
File "/root/.cache/pypoetry/virtualenvs/sso-user-inventoryy-ePbjsISL-py3.9/lib/python3.9/site-packages/requests/models.py", line 390, in prepare_url
raise MissingSchema(error)
requests.exceptions.MissingSchema: Invalid URL 'None': No schema supplied. Perhaps you meant http://none/?
Thanks for reporting, I have blocked some time next Thursday to have a look at it. Sorry I can't do it any earlier :(
By the way SSO is supported from boto3 for quite some time now. What is the feature that keeps you using this library for it? (just curious of the usage case)
Hi, the new SSO APIs still do not export the "active" attribute on the users. So we've been using this lib to quickly enumerate the full list of users in the SSO, as well as their relevant attributes (like the "active" attribute).
Now with the new SSO APIs I'm at least able to enumerate all users using official APIs, something that was not doable before. I'm currently getting the "active" attribute via the SCIM interface which we luckily have available, so I do have a workaround for this, and we'll probably not go back to using this library in the future. At least these two APIs are now "official" and doing the job, although quite a bit slower. I'm hoping to be able to migrate to only the SSO API in some time.
Thank you for providing that library - it helped us out immensely for a year :) Don't feel pressure for fixing this from my end. Just wanted to report what's happening.
Hi @JanKoppe ,I have fixed the authentication to SSO but of course all the endpoints have changed with the move below IAM so nothing actually works still. I will get on it but there are some other stuff that need fixing first that there is no alternative for, like root logins and cloudformation stackset. I will keep this ticket updated with the progress.