Skip to content

fix: improve OAuth token handling for ChainableRamRoleArn and refresh… #153

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
CodeSpaceiiii merged 1 commit into from
Jan 27, 2026
Merged

fix: improve OAuth token handling for ChainableRamRoleArn and refresh… #153

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
47 changes: 37 additions & 10 deletions credentials/providers/cli_profile.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -309,6 +309,24 @@ func (provider *CLIProfileCredentialsProvider) GetProviderName() string {
return "cli_profile"
}

// findSourceOAuthProfile 递归查找 OAuth source profile
func (conf *configuration) findSourceOAuthProfile(profileName string) (*profile, error) {
profile, err := conf.getProfile(profileName)
if err != nil {
return nil, fmt.Errorf("unable to get profile with name '%s' from cli credentials file: %v", profileName, err)
}

if profile.Mode == "OAuth" {
return profile, nil
}

if profile.SourceProfile != "" {
return conf.findSourceOAuthProfile(profile.SourceProfile)
}

return nil, fmt.Errorf("unable to get OAuth profile with name '%s' from cli credentials file", profileName)
}

// updateOAuthTokens 更新OAuth令牌并写回配置文件
func (provider *CLIProfileCredentialsProvider) updateOAuthTokens(refreshToken, accessToken, accessKey, secret, securityToken string, accessTokenExpire, stsExpire int64) error {
provider.fileMutex.Lock()
Expand All @@ -321,19 +339,28 @@ func (provider *CLIProfileCredentialsProvider) updateOAuthTokens(refreshToken, a
}

profileName := provider.profileName
profile, err := conf.getProfile(profileName)
if profileName == "" {
profileName = conf.Current
}
if profileName == "" {
return fmt.Errorf("unable to get profile to update")
}

// 递归查找真正的 OAuth source profile
sourceProfile, err := conf.findSourceOAuthProfile(profileName)
if err != nil {
return fmt.Errorf("failed to get profile %s: %v", profileName, err)
return fmt.Errorf("failed to find OAuth source profile: %v", err)
}

// update
profile.OauthRefreshToken = refreshToken
profile.OauthAccessToken = accessToken
profile.OauthAccessTokenExpire = accessTokenExpire
profile.AccessKeyID = accessKey
profile.AccessKeySecret = secret
profile.SecurityToken = securityToken
profile.StsExpire = stsExpire
// update OAuth tokens
sourceProfile.OauthRefreshToken = refreshToken
sourceProfile.OauthAccessToken = accessToken
sourceProfile.OauthAccessTokenExpire = accessTokenExpire
// update STS credentials
sourceProfile.AccessKeyID = accessKey
sourceProfile.AccessKeySecret = secret
sourceProfile.SecurityToken = securityToken
sourceProfile.StsExpire = stsExpire

// write back with file lock
return provider.writeConfigurationToFileWithLock(cfgPath, conf)
Expand Down
Loading
Loading