Don't use authorization_grant for non-commerical regions or legacy sso (#4468)

rli · web-flow · commit c137de900798 · 2024-05-13T17:42:43.000-07:00
* Don't use `authorization_grant` for non-commerical regions or legacy sso

Requests will fail on service side

* Update SsoAccessTokenProvider.kt

* changelog
diff --git a/.changes/next-release/bugfix-d292b6b8-2f2d-4937-ab51-73e9aa47bab0.json b/.changes/next-release/bugfix-d292b6b8-2f2d-4937-ab51-73e9aa47bab0.json
@@ -0,0 +1,4 @@
+{
+  "type" : "bugfix",
+  "description" : "Don't use `authorization_grant` when performing SSO login with legacy SSO or non-commercial AWS regions"
+}
diff --git a/plugins/core/jetbrains-community/src/software/aws/toolkits/jetbrains/core/credentials/sso/SsoAccessTokenProvider.kt b/plugins/core/jetbrains-community/src/software/aws/toolkits/jetbrains/core/credentials/sso/SsoAccessTokenProvider.kt
@@ -102,7 +102,8 @@ class SsoAccessTokenProvider(
             return it
         }
 
-        val token = if (isNewAuthPkce) {
+        val isCommercialRegion = !ssoRegion.startsWith("us-gov") && !ssoRegion.startsWith("us-iso") && !ssoRegion.startsWith("cn")
+        val token = if (isCommercialRegion && isNewAuthPkce && scopes.isNotEmpty()) {
             pollForPkceToken()
         } else {
             pollForDAGToken()

-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 +{
 +  "type" : "bugfix",
 +  "description" : "Don't use `authorization_grant` when performing SSO login with legacy SSO or non-commercial AWS regions"
 +}
Original file line number	Diff line number	Diff line change
`@@ -102,7 +102,8 @@ class SsoAccessTokenProvider(`
`102`	`102`	`return it`
`103`	`103`	`}`
`104`	`104`
`105`		`- val token = if (isNewAuthPkce) {`
	`105`	`+ val isCommercialRegion = !ssoRegion.startsWith("us-gov") && !ssoRegion.startsWith("us-iso") && !ssoRegion.startsWith("cn")`
	`106`	`+ val token = if (isCommercialRegion && isNewAuthPkce && scopes.isNotEmpty()) {`
`106`	`107`	`pollForPkceToken()`
`107`	`108`	`} else {`
`108`	`109`	`pollForDAGToken()`