Can't authenticate with SSO

[pwithams]

I'm not sure if I'm just not using the secret correctly but I seem unable to authenticate using SSO.

I have an ~/.aws directory with a config file with SSO profiles, and an sso directory with cached tokens each time I login with ~aws sso login --profile ...`

CLI works fine and I have tried a few different combinations both locally and in AWS with no success. I'm currently injecting frozen credentials from boto3, which works as a temporary fix.

Specific error:

CREATE OR REPLACE SECRET secret (
    TYPE s3,
    PROVIDER credential_chain
);

Invalid configuration error:
Secret Validation Failure: during `create` using the following:
Credential chain: 'config'

v1.4.2

Same error for the other combinations (i.e
CHAIN 'sso') and it just fails later during operations if validation is skipped.

Should I expect credential_chain to work in this case? Or is it just not supported yet?

I'm happy to try debug this locally from source and submit a PR, but wasn't sure what the ideal local development workflow is for that - seems I need this repo, DuckDB repo, and the httpfs repo? Presumably all at a certain release tag?

Thanks.

[cas--]

Sounds like the same as my issue: #124

[pwithams]

Sounds like the same as my issue: #124

Yeah it does. My workarounds right now are copy/pasting env vars from the SSO login page to the terminal and then using credential chain if using via CLI, or using boto3.Session().get_credentials().get_frozen_credentials() then inserting those in the CREATE SECRET statement as KEY_ID, SECRET, SESSION_TOKEN and skipping credential chain completely for Python.

[cas--]

Ah interesting, we are currently working around it by exporting vars

aws sso login --profile dev
eval $(aws configure export-credentials --format env --profile=dev)
duckdb