Cannot use SSO credentials

[geekingfrog]

What is the problem?

I run the official aws cli to configure SSO credentials and everything works. I set up the env var AWS_PROFILE to the right value, and running aws s3 ls works as expected.
However, when trying to run some code using the rust sdk I am greeted with:

Error: failed to construct request: Failed to load credentials from the credentials provider: An error occurred while loading credentials: An error occurred while loading credentials: SSO Token was invalid (expected JSON): Invalid field in response: `expiresAt`. invalid date-time: invalid RFC-3339 date-time: the 'offset hour' component could not be parsed

Caused by:
    Failed to load credentials from the credentials provider: An error occurred while loading credentials: An error occurred while loading credentials: SSO Token was invalid (expected JSON): Invalid field in response: `expiresAt`. invalid date-time: invalid RFC-3339 date-time: the 'offset hour' component could not be parsed

Under ~/.aws/sso/cache there are three json files with the following content:

{
  "startUrl": "REDACTED",
  "region": "eu-west-1",
  "accessToken": "REDACTED",
  "expiresAt": "2021-12-07T01:19:12UTC"
}
{
  "startUrl": "REDACTED",
  "region": "eu-west-1",
  "accessToken": "REDACTED",
  "expiresAt": "2022-02-03T19:44:13UTC"
}
{
  "clientId": "REDACTED",
  "clientSecret": "REDACTED",
  "expiresAt": "2022-02-23T10:56:02UTC"
}

Version

0.6.0

Platform

Linux arch-desktop 5.16.2-arch1-1 #1 SMP PREEMPT Thu, 20 Jan 2022 16:18:29 +0000 x86_64 GNU/Linux

[Velfi]

Thanks for submitting this issue. I'm looking into it. In the meantime, can you post the version of the AWS CLI that you're using? We'd expect the expiresAt dates to end with Z instead of UTC.

[geekingfrog]

$ aws --version
aws-cli/2.0.56 Python/3.7.3 Linux/5.16.2-arch1-1 exe/x86_64.arch

[Velfi]

v2.0.56 of the CLI was released on Oct 8 , 2020, are you able to update to a more recent version an see if that fixes things? I believe v2.4.12 is the latest.

[geekingfrog]

Alright, I updated my cli to latest version, and indeed, the expiresAt field now ends with a Z.
Feel free to close the bug if you don't plan to support older format.

[github-actions]

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

[mrjeanjoseph]

I just ran into a similar issue. mine return error:
SSL validation failed for https://oidc.us-east-1.amazonaws.com/client/register [Errno 2] No such file or directory

I am getting this error when trying to configure sso with or w/o --no-verify-ssl

[jdisanti]

@mrjeanjoseph - That looks like a different problem. Please file a separate issue or discussion.