SSO - cache filename is incorrect when using `sso_session`

Open hicksy opened this issue 1 year ago • 0 comments

Describe the issue

If you define an SSO profile and give it an `sso_session` name, the subsequent hash used to find the SSO cache file in /.aws/sso/cache is incorrect, resulting in a failure to find the valid token.

Expected behavior

The get-creds code is solely using `sso_start_url` as the input for the SHA-1 hash used to locate the token.

However, the botocore SDK used in the AWS CLI only uses `sso_start_url` as a fallback, preferring `sso_session` if it exists. You can see that here in the relevant boto SDK function

Steps to reproduce

Define an SSO profile which also contains an `sso_session`, e.g.:

in /.aws/config

```ini
[profile example_profile]
sso_session = sso-config
sso_account_id = 123456789

[sso-session sso-config]
sso_region = us-east-2
sso_start_url = https://sso-domain.awsapps.com/start
```

or in /.aws/credentials

```ini
[example_profile]
sso_session = sso-config
sso_account_id = 123456789
```

You will be unable to authenticate via SSO as the path to the token file will be incorrect; the hash will not match the hash created by boto when running `aws sso login --profile example_profile`.

I'll send a PR that adds a test to your SSO unit test that demonstrates the issue.

Platform / version

n/a

How urgent do you feel this bug is?

None

Additional context

I have a PR ready that fixes the issue, will add shortly

hicksy, Sep 06 '24 22:09
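An added example, not part of the original issue and not code from aws-lite or botocore: a small Python check that computes the cache file name under both hashing rules described above and reports whether a profile is affected. The function names and the `legacy_profile` entry are hypothetical, and the sample config is constructed from the one in the issue.

```python
import configparser
import hashlib

# Constructed sample: the issue's profile plus a legacy profile without sso_session.
SAMPLE_CONFIG = """
[profile example_profile]
sso_session = sso-config
sso_account_id = 123456789

[sso-session sso-config]
sso_region = us-east-2
sso_start_url = https://sso-domain.awsapps.com/start

[profile legacy_profile]
sso_start_url = https://sso-domain.awsapps.com/start
sso_region = us-east-2
sso_account_id = 123456789
"""

def cache_name(value):
    """SHA-1 hex digest of the input string, used as the cache file name."""
    return hashlib.sha1(value.encode("utf-8")).hexdigest() + ".json"

def resolve_sso(config_text, profile):
    """Return (session_name or None, start_url) for a profile in config-file syntax."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(config_text)
    section = cfg["default" if profile == "default" else f"profile {profile}"]
    session = section.get("sso_session")
    if session is None:
        return None, section["sso_start_url"]  # legacy profile: URL is inline
    return session, cfg[f"sso-session {session}"]["sso_start_url"]

def cache_filenames(config_text, profile):
    """File names produced by the two hashing rules the issue contrasts."""
    session, start_url = resolve_sso(config_text, profile)
    return {
        # Rule the issue attributes to botocore: session name first, URL as fallback.
        "session_preferred": cache_name(session if session is not None else start_url),
        # Rule the issue attributes to get-creds: always the start URL.
        "start_url_only": cache_name(start_url),
    }

def is_affected(config_text, profile):
    """True when the two rules disagree, so a URL-only lookup misses the token."""
    names = cache_filenames(config_text, profile)
    return names["session_preferred"] != names["start_url_only"]

if __name__ == "__main__":
    for name in ("example_profile", "legacy_profile"):
        print(name, is_affected(SAMPLE_CONFIG, name), cache_filenames(SAMPLE_CONFIG, name))
```

Profiles that carry `sso_start_url` inline hash to the same file name under both rules, which is why only `sso_session` profiles fail to find their token.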