- I am using the latest release of AWS Vault
- I have provided my `.aws/config` (redacted if necessary)
- I have provided the debug output using `aws-vault --debug` (redacted if necessary)

aws-vault v7.2.0 (from brew)

```
[profile dev]
sso_start_url = https://XXXX.awsapps.com/start
sso_region = us-east-1
sso_account_id = XXXXX
sso_role_name = AdministratorAccess
region = us-east-1
```

```
$ aws-vault login --debug dev
2025/01/08 11:05:47 aws-vault v7.2.0
2025/01/08 11:05:47 Using prompt driver: terminal
2025/01/08 11:05:47 [keyring] Considering backends: [keychain]
2025/01/08 11:05:47 Loading config file /Users/fernando/.aws/config
2025/01/08 11:05:47 Parsing config file /Users/fernando/.aws/config
2025/01/08 11:05:47 [keyring] Querying keychain for service="aws-vault", keychain="aws-vault.keychain"
2025/01/08 11:05:47 [keyring] Found 0 results
2025/01/08 11:05:47 profile ea-dev-legacy: using SSO role credentials
2025/01/08 11:05:47 [keyring] Querying keychain for service="aws-vault", keychain="aws-vault.keychain"
2025/01/08 11:05:47 [keyring] Found 0 results
2025/01/08 11:05:47 [keyring] Querying keychain for service="aws-vault", keychain="aws-vault.keychain"
2025/01/08 11:05:47 [keyring] Found 0 results
2025/01/08 11:05:47 [keyring] Querying keychain for service="aws-vault", account="sso.GetRoleCredentials,XXX,,xxxx", keychain="aws-vault.keychain"
2025/01/08 11:05:47 [keyring] No results found
2025/01/08 11:05:47 [keyring] Querying keychain for service="aws-vault", account="oidc:https://XXXXX.awsapps.com/start", keychain="aws-vault.keychain"
2025/01/08 11:05:47 [keyring] No results found
2025/01/08 11:05:47 Created new OIDC client (expires at: 2025-04-08 12:05:47 +0100 WEST)
2025/01/08 11:05:47 Created OIDC device code for https://XXXXX.awsapps.com/start (expires in: 600s)
2025/01/08 11:05:47 Opening SSO authorization page in browser
Opening the SSO authorization page in your default browser (use Ctrl-C to abort)
https://XXXXX.awsapps.com/start/#/device?user_code=XXXXXXX
```

Both `exec` and `login` no longer work today.

I suspect the AWS SSO workflow has changed.

Now, instead of getting valid creds, the https://XXXX.awsapps.com/start/ page opens.

Reading https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html, it seems a new field is required:

```
SSO registration scopes [None]: sso:account:access
```