From f5498c3ac4f3d1d36cbda6f531a274834e3657a0 Mon Sep 17 00:00:00 2001
From: nkomonen-amazon <nkomonen@amazon.com>
Date: Fri, 13 Dec 2024 11:46:08 -0500
Subject: [PATCH 1/2] fix(auth): SSO failed to get token due to missing
 'refreshToken'

Problem:

Error users were seeing was:

```
Error: SSO cache data unexpectedly missing props: ["refreshToken"]
```

This was due to a check in a previos PR that assumed the refreshToken
was always present in SSO cache.

Solution:

It looks like the refreshToken does not exist for all cases, so some research needs
to be done.

But for now this reverts the check that the refreshToken exists, but it keeps the validation
that the accessToken exists since that is always guaranteed.

Signed-off-by: nkomonen-amazon <nkomonen@amazon.com>
---
 packages/core/src/auth/sso/cache.ts                 | 13 ++++++-------
 .../core/src/test/credentials/sso/cache.test.ts     |  1 -
 .../credentials/sso/ssoAccessTokenProvider.test.ts  |  1 -
 3 files changed, 6 insertions(+), 9 deletions(-)

diff --git a/packages/core/src/auth/sso/cache.ts b/packages/core/src/auth/sso/cache.ts
index 56fccb0d63f..a9cdfa43ce0 100644
--- a/packages/core/src/auth/sso/cache.ts
+++ b/packages/core/src/auth/sso/cache.ts
@@ -10,7 +10,7 @@ import { getLogger } from '../../shared/logger/logger'
 import fs from '../../shared/fs/fs'
 import { createDiskCache, KeyedCache, mapCache } from '../../shared/utilities/cacheUtils'
 import { stripUndefined } from '../../shared/utilities/collectionUtils'
-import { getMissingProps, hasProps, selectFrom } from '../../shared/utilities/tsUtils'
+import { hasProps, selectFrom } from '../../shared/utilities/tsUtils'
 import { SsoToken, ClientRegistration } from './model'
 import { DevSettings } from '../../shared/settings'
 import { onceChanged } from '../../shared/utilities/functionUtils'
@@ -79,6 +79,11 @@ export function getTokenCache(directory = getCacheDir()): KeyedCache<SsoAccess>
         }
 
     function read(data: StoredToken): SsoAccess {
+        // Validate data is not missing. Since the input data is passed directly from whatever is on disk.
+        if (!hasProps(data, 'accessToken')) {
+            throw new ToolkitError(`SSO cache data looks malformed`)
+        }
+
         const registration = hasProps(data, 'clientId', 'clientSecret', 'registrationExpiresAt')
             ? {
                   ...selectFrom(data, 'clientId', 'clientSecret', 'scopes', 'startUrl'),
@@ -93,12 +98,6 @@ export function getTokenCache(directory = getCacheDir()): KeyedCache<SsoAccess>
 
         stripUndefined(token)
 
-        // Validate data is not missing.
-        const missingProps = getMissingProps(token, 'accessToken', 'refreshToken')
-        if (missingProps.length > 0) {
-            throw new ToolkitError(`SSO cache data unexpectedly missing props: ${JSON.stringify(missingProps)}`)
-        }
-
         return {
             token,
             registration,
diff --git a/packages/core/src/test/credentials/sso/cache.test.ts b/packages/core/src/test/credentials/sso/cache.test.ts
index 9feac195ac4..5222fe9e0fb 100644
--- a/packages/core/src/test/credentials/sso/cache.test.ts
+++ b/packages/core/src/test/credentials/sso/cache.test.ts
@@ -27,7 +27,6 @@ describe('SSO Cache', function () {
     const validToken = {
         accessToken: 'longstringofrandomcharacters',
         expiresAt: new Date(Date.now() + hourInMs),
-        refreshToken: 'dummyRefreshToken',
     } as SsoToken
 
     beforeEach(async function () {
diff --git a/packages/core/src/test/credentials/sso/ssoAccessTokenProvider.test.ts b/packages/core/src/test/credentials/sso/ssoAccessTokenProvider.test.ts
index d284ac4668b..b662556e0aa 100644
--- a/packages/core/src/test/credentials/sso/ssoAccessTokenProvider.test.ts
+++ b/packages/core/src/test/credentials/sso/ssoAccessTokenProvider.test.ts
@@ -45,7 +45,6 @@ describe('SsoAccessTokenProvider', function () {
         return {
             accessToken: 'dummyAccessToken',
             expiresAt: new clock.Date(clock.Date.now() + timeDelta),
-            refreshToken: 'dummyRefreshToken',
             ...extras,
         }
     }

From cd1c8021316bc62f543706bd9a8b9cd9f96e8268 Mon Sep 17 00:00:00 2001
From: nkomonen-amazon <nkomonen@amazon.com>
Date: Fri, 13 Dec 2024 12:02:38 -0500
Subject: [PATCH 2/2] changelog item

Signed-off-by: nkomonen-amazon <nkomonen@amazon.com>
---
 .../Bug Fix-7cb802f6-498a-4442-ae88-399eaec1d9a5.json         | 4 ++++
 1 file changed, 4 insertions(+)
 create mode 100644 packages/toolkit/.changes/next-release/Bug Fix-7cb802f6-498a-4442-ae88-399eaec1d9a5.json

diff --git a/packages/toolkit/.changes/next-release/Bug Fix-7cb802f6-498a-4442-ae88-399eaec1d9a5.json b/packages/toolkit/.changes/next-release/Bug Fix-7cb802f6-498a-4442-ae88-399eaec1d9a5.json
new file mode 100644
index 00000000000..28b5d0a26ee
--- /dev/null
+++ b/packages/toolkit/.changes/next-release/Bug Fix-7cb802f6-498a-4442-ae88-399eaec1d9a5.json	
@@ -0,0 +1,4 @@
+{
+	"type": "Bug Fix",
+	"description": "Auth: SSO failed to missing refreshToken"
+}