Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SSO token refresh does not retry on network errors, which can result in spurious reports of "re-login required" #801

Open
justinmk3 opened this issue Feb 25, 2025 · 0 comments
Open

SSO token refresh does not retry on network errors, which can result in spurious reports of "re-login required" #801

justinmk3 opened this issue Feb 25, 2025 · 0 comments
Labels
bug Something isn't working server: aws-lsp-identity

Comments

@justinmk3
Copy link
Contributor

justinmk3 commented Feb 25, 2025
edited
Loading

Problem

Users are experiencing frequent re-login requirement.

This may be due to transient network issues: sso token refresh can fail because of transient network issues?

If network issues are not handled by retrying (with backoff), then temporary network issues can randomly surface to users as "you need to login again".

Examples in AWS Toolkit:

Expected behavior

The sso lsp server should retry and be robust/adaptive under transient network issues.

To see an example of how AWS Toolkit currently handles this, look for references to isNetworkError in the codebase: https://github.com/aws/aws-toolkit-vscode/blob/cc0455f112c3be8db3232acfb777341f3225c557/packages/core/src/shared/errors.ts#L829

packages/core/src/auth/auth.ts|16 col 33-47| import { errorCode, isAwsError, isNetworkError, ToolkitError, UnknownError } from '../shared/errors'
packages/core/src/auth/auth.ts|865 col 13-27| if (isNetworkError(e)) {
packages/core/src/auth/secondaryAuth.ts|18 col 10-24| import { isNetworkError } from '../shared/errors'
packages/core/src/auth/secondaryAuth.ts|369 col 21-35| if (isNetworkError(err) && connectionState === 'valid') {
packages/core/src/auth/sso/ssoAccessTokenProvider.ts|22 col 5-19| isNetworkError,
packages/core/src/auth/sso/ssoAccessTokenProvider.ts|201 col 25-39| } else if (!isNetworkError(err)) {
packages/core/src/codewhisperer/util/authUtil.ts|9 col 24-38| import { ToolkitError, isNetworkError, tryRun } from '../../shared/errors'
packages/core/src/codewhisperer/util/authUtil.ts|428 col 27-41| (err) => !isNetworkError(err),
packages/core/src/shared/errors.ts|829 col 17-31| export function isNetworkError(err?: unknown): err is Error & { code: string } {
packages/core/src/test/shared/errors.test.ts|15 col 5-19| isNetworkError,
packages/core/src/test/shared/errors.test.ts|539 col 13-27| isNetworkError(new Error('Failed to establish a socket connection to proxies BLAH BLAH BLAH')),
packages/core/src/test/shared/errors.test.ts|544 col 13-27| isNetworkError(new Error('I am NOT a network error')),
packages/core/src/test/shared/errors.test.ts|551 col 13-27| isNetworkError(awsClientResponseError),
packages/core/src/test/shared/errors.test.ts|558 col 32-46| assert.deepStrictEqual(isNetworkError(err), true, 'Did not indicate ENOENT error as network error')
packages/core/src/test/shared/errors.test.ts|562 col 32-46| assert.deepStrictEqual(isNetworkError(ebusyErr), true, 'Did not indicate EBUSY error as network error')
packages/core/src/test/shared/errors.test.ts|567 col 32-46| assert.deepStrictEqual(isNetworkError(reponseCodeErr), true, 'Did not indicate 502 error as network error')
packages/core/src/test/shared/errors.test.ts|571 col 13-27| isNetworkError(reponseCodeErr),
@justinmk3 justinmk3 added the bug Something isn't working label Feb 25, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working server: aws-lsp-identity
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@volodkevych @justinmk3