Changed the default value of SSOAWSCredentialsOptions.SupportsGettingNewToken as false and improved error messaging if required SSO options are missing while generating new credentials.

Author: ashishdhingra

generator/.DevConfigs/b39b85e0-42cc-4aac-a699-8dd1795a5fb0.json

@@ -0,0 +1,9 @@
+{
+ "core": {
+ "changeLogMessages": [
+ "Changed the default value of SSOAWSCredentialsOptions.SupportsGettingNewToken as false and improved error messaging if required SSO options are missing while generating new credentials."
+ ],
+ "type": "patch",
+ "updateMinimum": true
+ }
+}

sdk/src/Core/Amazon.Runtime/Credentials/Internal/_bcl+netstandard/SSOTokenManager.cs

@@ -15,6 +15,7 @@
 
 using System;
 using System.Collections.Concurrent;
+using System.Collections.Generic;
 using System.Net;
 using System.Threading;
 using System.Threading.Tasks;
@@ -484,7 +485,8 @@ public async Task<SsoToken> GetTokenAsync(SSOTokenManagerGetTokenOptions options
  }
  catch (Exception ex)
  {
- _logger.Error(ex, $"Refreshing SSOToken for [{options.Session}] failed: {ex.Message}");
+ // Exception message from SSOIDC client has text along with HTTP Body as JSON string.
+ _logger.Error(ex, $"Refreshing SSOToken for [{options.Session}] failed: {ex.Message.Replace("{", "{{").Replace("}", "}}")}");
  if (ssoToken.IsExpired() && options.SupportsGettingNewToken)
  {
  return await GenerateNewTokenAsync(options, cancellationToken).ConfigureAwait(false);
@@ -612,24 +614,11 @@ public async Task LogoutAsync(SSOTokenManagerGetTokenOptions options, Cancellati
 
  private async Task<SsoToken> GenerateNewTokenAsync(SSOTokenManagerGetTokenOptions options, CancellationToken cancellationToken = default)
  {
- if (string.IsNullOrEmpty(options.ClientName))
- {
- throw new ArgumentNullException($"Options property cannot be empty: {nameof(options.ClientName)}");
- }
+ var emptyProperties = GetEmptySSOTokenOptions(options);
 
- if (options.PkceFlowOptions == null)
- {
- if (options.SsoVerificationCallback == null)
- {
- throw new ArgumentNullException($"Options property cannot be empty: {nameof(options.SsoVerificationCallback)}");
- }
- }
- else
+ if (emptyProperties.Count > 0)
  {
- if (options.PkceFlowOptions.RetrieveAuthorizationCodeCallbackAsync == null)
- {
- throw new ArgumentNullException($"Options property cannot be empty: {nameof(options.PkceFlowOptions.RetrieveAuthorizationCodeCallbackAsync)}");
- }
+ throw new AmazonClientException($"Error generating new SSO token. Options properties cannot be empty: {string.Join(", ", emptyProperties)}");
  }
 
  var request = new GetSsoTokenRequest
@@ -664,6 +653,33 @@ private async Task<SsoToken> GenerateNewTokenAsync(SSOTokenManagerGetTokenOption
 
  return token;
  }
+
+ private List<string> GetEmptySSOTokenOptions(SSOTokenManagerGetTokenOptions options)
+ {
+ var emptyProperties = new List<string>();
+
+ if (string.IsNullOrEmpty(options.ClientName))
+ {
+ emptyProperties.Add(nameof(options.ClientName));
+ }
+
+ if (options.PkceFlowOptions == null)
+ {
+ if (options.SsoVerificationCallback == null)
+ {
+ emptyProperties.Add(nameof(options.SsoVerificationCallback));
+ }
+ }
+ else
+ {
+ if (options.PkceFlowOptions.RetrieveAuthorizationCodeCallbackAsync == null)
+ {
+ emptyProperties.Add(nameof(options.PkceFlowOptions.RetrieveAuthorizationCodeCallbackAsync));
+ }
+ }
+
+ return emptyProperties;
+ }
 #endif
 
  private static SsoToken MapGetSsoTokenResponseToSsoToken(GetSsoTokenResponse response, string session)

sdk/src/Core/Amazon.Runtime/Credentials/_bcl+netstandard/SSOAWSCredentialsOptions.cs

@@ -94,7 +94,7 @@ public class SSOAWSCredentialsOptions
  /// NOTE: If setting to <c>true</c>, either <see cref="SsoVerificationCallback"/> or <see cref="PkceFlowOptions"/> must 
  /// also be set for authorization flow to succeed.
  /// </summary>
- public bool SupportsGettingNewToken { get; set; } = true;
+ public bool SupportsGettingNewToken { get; set; } = false;
 
  /// <summary>
  /// The proxy settings to use when calling SSOOIDC and SSO Services.