You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
With aws/aws-sdk-php version 3.262.4, only legacy configuration is working, but with 3.281.15 SSO token provider configuration work too.
Maybe since this commit : https://github.com/aws/aws-sdk-php/pull/2628/files
Because we use async-aws with https://github.com/symfony/amazon-sqs-messenger , we need these packages and version to have sso config working :
"async-aws/core": "^1.20",
"async-aws/sso": "^0.1.0",
But it only allow us to use legacy sso configuration, SSO token provider configuration is not working for async, messenger component show this error :
[messenger] No credentials found for profile "test". ["profile" => "test"]
we found in vendors code that we are using chainProvider from async-aws/core (IniFileProvider) who don't allow to use "sso_session" in profile from config file
but the chainProvider CredentialProvider from aws/aws-sdk-php can use sso_session and the SSO token provider configuration.
With async-aws/core the only function now implemented for sso is getCredentialsFromLegacySso($profileData, $profile);
These is our ~/.aws/config who work with messenger component :
[profile test]
sso_start_url = https://test.awsapps.com/start
sso_region = eu-central-1
sso_account_id = 123
sso_role_name = test
region = eu-central-1
output = json
And this one only work with aws-sdk-php for synchronous requests (s3/...), but not for async-aws with symfony messenger (error No credentials found for profile) :
We've been removing async-aws from our services because the lack of SSO. Would love to see it implemented here.
I have even tried a bit to create a new SSO provider for async-aws, but I keep getting lost trying to figure out how it works. 😢 Hopefully someone smarter than me can do it.
Hello,
In this doc we can use two way to authenticate with sso using php sdk (SSO token provider & legacy configuration) :
https://docs.aws.amazon.com/sdkref/latest/guide/feature-sso-credentials.html#feature-sso-credentials-profile
With aws/aws-sdk-php version 3.262.4, only legacy configuration is working, but with 3.281.15 SSO token provider configuration work too.
Maybe since this commit :
https://github.com/aws/aws-sdk-php/pull/2628/files
Because we use async-aws with https://github.com/symfony/amazon-sqs-messenger , we need these packages and version to have sso config working :
"async-aws/core": "^1.20",
"async-aws/sso": "^0.1.0",
But it only allow us to use legacy sso configuration, SSO token provider configuration is not working for async, messenger component show this error :
[messenger] No credentials found for profile "test". ["profile" => "test"]
we found in vendors code that we are using chainProvider from async-aws/core (IniFileProvider) who don't allow to use "sso_session" in profile from config file
but the chainProvider CredentialProvider from aws/aws-sdk-php can use sso_session and the SSO token provider configuration.
With async-aws/core the only function now implemented for sso is getCredentialsFromLegacySso($profileData, $profile);
These is our ~/.aws/config who work with messenger component :
[profile test]
sso_start_url = https://test.awsapps.com/start
sso_region = eu-central-1
sso_account_id = 123
sso_role_name = test
region = eu-central-1
output = json
And this one only work with aws-sdk-php for synchronous requests (s3/...), but not for async-aws with symfony messenger (error No credentials found for profile) :
[profile test]
sso_session = my-sso
sso_account_id = 123456
sso_role_name = test
region = eu-central-1
output = json
[sso-session my-sso]
sso_region = eu-central-1
sso_start_url = https://test.awsapps.com/start
sso_registration_scopes = sso:account:access
Do you know if there is a workaround or if we need to wait for awsync-core to enabled SSO token provider ?
Do you have any roadmap on it ?
The text was updated successfully, but these errors were encountered: