Token cache issue in okta-aws-cli: reauthentication required after every 3 aws accounts #198
Labels
triaged
triaged into Okta's Jira backlog
Comments
nikitaromm
changed the title
|
@nikitaromm is the OIDC client id the same for each invocation? The cached access token is bound to the client id. |
|
@monde yes, we are using the same OIDC client id for each invocation. It worked in the past and we were able to use the same token for 15+ AWS accounts with no problem. |
|
@nikitaromm thanks for the confirmation. I'm interested to see what this odd and apparently deterministic behavior is all about. |
|
@monde sure, please let me know which details you require. |
monde
added a commit
that referenced
this issue
Jul 8, 2024
outside of okta-aws-cli's control. Closes #207 Closes #198
monde
added a commit
that referenced
this issue
Jul 8, 2024
outside of okta-aws-cli's control. Closes #207 Closes #198
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Version:
okta-aws-cliversion v2.1.2Description:
Currently, when utilizing
okta-aws-clifor multiple accounts within a loop while settingOKTA_AWSCLI_CACHE_ACCESS_TOKEN=true, after every 3 accounts, it disregards the$HOME/.okta/awscli-access-token.jsonfile and prompts for re-authentication.Steps to Reproduce:
OKTA_AWSCLI_CACHE_ACCESS_TOKEN=trueokta-aws-clifor multiple accounts in a loopExpected Behavior:
The expectation is that the same
$HOME/.okta/awscli-access-token.jsontoken remains valid and can be utilized seamlessly across all accounts within the loop without the need for re-authentication.The text was updated successfully, but these errors were encountered: