Fix SSO authentication polling to properly handle AuthorizationPendingException

chaitan94 · claude · chaitan94 · commit 1d25235dd517 · 2025-07-31T00:15:02.000+05:30
The previous implementation was incorrectly treating AuthorizationPendingException as a fatal error instead of continuing to poll for authorization completion. Changes: - Import proper AWS SDK v2 error types for SSO OIDC - Use typed error checking with errors.As() instead of string matching - Handle AuthorizationPendingException and SlowDownException correctly - Add fallback string matching for compatibility - Include user-friendly polling status messages - Continue polling until user completes browser authorization This fixes the authentication flow where users would click "Allow" in the browser but the CLI would exit with an error instead of completing the login process. Tested with real AWS SSO instance and confirmed working end-to-end: - Device authorization flow starts correctly - Browser opens with verification URL and code - Polling continues while waiting for user authorization - Successfully completes login once user approves in browser - Token is cached for subsequent operations 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
diff --git a/awsssolib/sso.go b/awsssolib/sso.go
@@ -2,13 +2,16 @@ package awsssolib
 
 import (
 	"context"
+	"errors"
 	"fmt"
+	"strings"
 	"time"
 
 	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/aws/aws-sdk-go-v2/config"
 	"github.com/aws/aws-sdk-go-v2/service/sso"
 	"github.com/aws/aws-sdk-go-v2/service/ssooidc"
+	"github.com/aws/aws-sdk-go-v2/service/ssooidc/types"
 )
 
 const (
@@ -343,7 +346,21 @@ func performDeviceAuthorization(ctx context.Context, input LoginInput) (*Token,
 			
 			if err != nil {
 				// Check if it's an authorization pending error
-				if err.Error() == "AuthorizationPendingException" {
+				var authPendingErr *types.AuthorizationPendingException
+				var slowDownErr *types.SlowDownException
+				
+				if errors.As(err, &authPendingErr) {
+					// Authorization is still pending, continue polling
+					fmt.Printf("Waiting for authorization... (polling every %d seconds)\n", authResp.Interval)
+					continue
+				} else if errors.As(err, &slowDownErr) {
+					// Slow down the polling as requested by the server
+					fmt.Printf("Slowing down polling as requested by server...\n")
+					time.Sleep(time.Duration(authResp.Interval) * time.Second)
+					continue
+				} else if strings.Contains(err.Error(), "AuthorizationPendingException") {
+					// Fallback string check for older SDK versions
+					fmt.Printf("Waiting for authorization... (polling every %d seconds)\n", authResp.Interval)
 					continue
 				}
 				return nil, fmt.Errorf("failed to create token: %w", err)
