in src/Credentials/CredentialProvider.php [944:996]
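/**
 * Resolves credentials for a legacy-format SSO profile using the access
 * token cached on disk under the user's home directory.
 *
 * Every failure path returns self::reject() with a message that names the
 * profile or the cache file path; the access token itself is never placed
 * in a message.
 *
 * @param array  $profiles       Profiles keyed by profile name.
 * @param string $ssoProfileName Key of the SSO profile inside $profiles.
 * @param string $filename       Config file name, used only in the error text.
 * @param mixed  $config         Passed through to getCredentialsFromSsoService().
 *
 * @return mixed The value of self::reject() on failure (defined outside this
 *               excerpt), otherwise a promise for a Credentials instance.
 */
private static function getSsoCredentialsLegacy($profiles, $ssoProfileName, $filename, $config)
{
    $ssoProfile = $profiles[$ssoProfileName];
    if (empty($ssoProfile['sso_start_url'])
        || empty($ssoProfile['sso_region'])
        || empty($ssoProfile['sso_account_id'])
        || empty($ssoProfile['sso_role_name'])
    ) {
        return self::reject(
            "Profile {$ssoProfileName} in {$filename} must contain the following keys: "
            . "sso_start_url, sso_region, sso_account_id, and sso_role_name."
        );
    }

    // SHA-1 only derives the cache file name from the start URL here; it is
    // not used as an integrity or authentication control.
    $tokenLocation = self::getHomeDir()
        . '/.aws/sso/cache/'
        . sha1($ssoProfile['sso_start_url'])
        . ".json";

    // '@' keeps is_readable() quiet for a missing or inaccessible cache file;
    // the rejection below is the error that gets reported.
    if (!@is_readable($tokenLocation)) {
        return self::reject("Unable to read token file at $tokenLocation");
    }

    // The file can disappear or change permissions between the readability
    // check and the read, so the read result is checked as well instead of
    // handing `false` to json_decode().
    $tokenJson = file_get_contents($tokenLocation);
    if ($tokenJson === false) {
        return self::reject("Unable to read token file at $tokenLocation");
    }

    // Malformed JSON decodes to null and a bare JSON scalar decodes to a
    // non-array; both are rejected as a token file without the needed fields.
    $tokenData = json_decode($tokenJson, true);
    if (!is_array($tokenData)
        || empty($tokenData['accessToken'])
        || empty($tokenData['expiresAt'])
    ) {
        return self::reject(
            "Token file at {$tokenLocation} must contain an access token and an expiration"
        );
    }

    try {
        $expiration = (new DateTimeResult($tokenData['expiresAt']))->getTimestamp();
    } catch (\Exception $e) {
        return self::reject("Cached SSO credentials returned an invalid expiration");
    }

    // Refuse to send an already-expired access token to the SSO service.
    $now = time();
    if ($expiration < $now) {
        return self::reject("Cached SSO credentials returned expired credentials");
    }

    $ssoCredentials = CredentialProvider::getCredentialsFromSsoService(
        $ssoProfile,
        $ssoProfile['sso_region'],
        $tokenData['accessToken'],
        $config
    );

    // NOTE(review): the expiry stored on the Credentials object is the cached
    // access token's expiry, not a value taken from $ssoCredentials. Confirm
    // this is intended; the shape of the service response is not visible here.
    return Promise\Create::promiseFor(
        new Credentials(
            $ssoCredentials['accessKeyId'],
            $ssoCredentials['secretAccessKey'],
            $ssoCredentials['sessionToken'],
            $expiration,
            $ssoProfile['sso_account_id'],
            CredentialSources::PROFILE_SSO_LEGACY
        )
    );
}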