AWS Session Expiration Issue

[BPCS-wit]

When using SSO to AWS over browser a session is created which is only to last 8 hours (setup within AWS). But the leapp app assuming 7 days. After 8 hours (when switching profiles) an invalid token message appears.
Only way to solve is to go to Integrations->Logout -> then Login again

Leapp Version
0.8.1.0

Expected behavior
Reopen the browser SSO dialog to refresh the token

Screenshots

Desktop (please complete the following information):

• Windows 10 (x64)

[pethron]

Can this be linked to #108 ?
@ericvilla @andreacavagna01

[BPCS-wit]

@pethron yes it can. Actually the issue appeared last week for me after updating from 0.8.0 to 0.8.1 therefore I thought the issue is new.

[ericvilla]

@pethron @BPCS-wit I'll check it out! Thank you for reporting

[tgjohnst]

I have also been encountering this issue, thanks for flagging the issue and temporary workaround. Looking forward to a fix.

[jaypan13]

First of all thank you very much to all developers for creating such wonderful tool and idea 💯.

With my case, I upgraded today from 0.7.3 to 0.8.1 on my mac. All profiles showed up but none of them were connecting. When opened integrations menu, it was showing 3 days and online opposed to 8 hours. So tried to log off and then logged back in as temporary workaround. It started showing 8 hours and online.

But when was trying to activate any session, it was showing error with Region.

Tried multiple attempts but it is now not allowing me to activate any session. I had followed up this and current 220 issue very recently, like couple of days before. I deleted all entries from keychain. After logout it shows "Cleaning configuration file" and then restarts but still not able to login. But I am not able to now open any session at all. Not sure if I should create different issue as this is mixture of both.

[andreacavagna01]

@Jay1305 Thank you so much for the appreciation to the project! At least you can try to delete the ~/.Leapp/Leapp-lock.json file. This will erase your current configuration and you will start with a brand new configuration, this will make the app works.
We are still troubleshooting this issue even for the next version

[jaypan13]

Hey @andreacavagna01! Thanks for your reply. I had tried literally everything (deleted leapp-lock, removed from keychain,
restarted mac, and so on mentioned in this comment, but from that day leapp is not working at all when I upgraded from 0.7.3 to 0.8.2. So finally decided to download the dev code to at least find what the issue is with my local environment. I am not js developer so can you please tell me what I can find more here?

It is getting failed here -

Console

Thanks again :)

Edit -
I am not sure if that helped but I used aws sso configure with my settings on my machine (which I didn't do before) and now I am able to connect the sessions from Leapp. I am not 100% positive that sso configure would have helped me as Leapp was working regardless before.

[zswanson]

This may have been something on the AWS side - we'd been seeing this with 0.8.1 for at least 2 weeks and then its suddenly stopped and the integration options no longer show that 7 day expiration period.

[andreacavagna01]

Absolutely. We save the expiration code time directly from AWS SSO OIDC sdk. But the token is valid only for 8 hours

[ericvilla]

I can confirm it too. The aws-sdk/clients/ssooidc's createToken method returned a token valid for 7 days (no Leapp overhead). We tried to force a previous version of the AWS SDK, but it still wasn't working. Now it seems to work as expected, returning a token valid for 8 hours.

[BPCS-wit]

So, the behavior changed for me. Now I am getting 8 hours (as expected) for session duration. After the 8 hours a new token is generated. For me, the app is now working as expected.
Maybe an issue on the AWS site?

[ericvilla]

Yes @BPCS-wit, it was not related to Leapp itself but to the AWS SSO createToken API response. I'm going to close the issue