Remove retry and show original error when assuming role with web identity fails.

Author: dkocher

s3/src/main/java/ch/cyberduck/core/sts/STSAssumeRoleWithWebIdentityCredentialsStrategy.java

@@ -21,7 +21,6 @@
 import ch.cyberduck.core.Profile;
 import ch.cyberduck.core.TemporaryAccessTokens;
 import ch.cyberduck.core.exception.BackgroundException;
-import ch.cyberduck.core.exception.LoginFailureException;
 import ch.cyberduck.core.oauth.OAuth2RequestInterceptor;
 import ch.cyberduck.core.preferences.ProxyPreferencesReader;
 import ch.cyberduck.core.s3.S3CredentialsStrategy;
@@ -54,14 +53,7 @@ public STSAssumeRoleWithWebIdentityCredentialsStrategy(final OAuth2RequestInterc
     @Override
     public TemporaryAccessTokens refresh(final Credentials credentials) throws BackgroundException {
         final String arn = new ProxyPreferencesReader(host, credentials).getProperty(Profile.STS_ROLE_ARN_PROPERTY_KEY, "s3.assumerole.rolearn");
-        try {
-            log.debug("Retrieve temporary credentials with {} for role ARN {}", credentials, arn);
-            return this.assumeRoleWithWebIdentity(oauth.validate(credentials.getOauth()), arn);
-        }
-        catch(LoginFailureException e) {
-            // Expired or invalid OAuth tokens
-            log.warn("Failure {} authorizing. Retry with refreshed OAuth tokens", e.getMessage());
-            return this.assumeRoleWithWebIdentity(oauth.authorize(), arn);
-        }
+        log.debug("Retrieve temporary credentials with {} for role ARN {}", credentials, arn);
+        return this.assumeRoleWithWebIdentity(oauth.validate(credentials.getOauth()), arn);
     }
 }

s3/src/test/java/ch/cyberduck/core/sts/AssumeRoleWithWebIdentityAuthenticationTest.java

@@ -131,7 +131,7 @@ public void testTokenRefresh() throws BackgroundException, InterruptedException
      * Fetch OpenID Connect Id token initially fails because of invalid refresh token. Must re-run OAuth flow.
      */
     @Test
-    public void testLoginInvalidOAuthTokensLogin() throws Exception {
+    public void testLoginInvalidOAuthTokens() throws Exception {
         final Protocol profile = new ProfilePlistReader(new ProtocolFactory(new HashSet<>(Collections.singleton(new S3Protocol())))).read(
                 AbstractAssumeRoleWithWebIdentityTest.class.getResourceAsStream("/S3 (OIDC).cyberduckprofile"));
         final Credentials credentials = new Credentials("rouser", "rouser")
@@ -146,12 +146,7 @@ public void testLoginInvalidOAuthTokensLogin() throws Exception {
         assertNotNull(session.open(new DisabledProxyFinder(), new DisabledHostKeyCallback(), new DisabledLoginCallback(), new DisabledCancelCallback()));
         assertTrue(session.isConnected());
         assertNotNull(session.getClient());
-        session.login(new DisabledLoginCallback(), new DisabledCancelCallback());
-        assertNotEquals(OAuthTokens.EMPTY, credentials.getOauth());
-        assertNotEquals(TemporaryAccessTokens.EMPTY, credentials.getTokens());
-        credentials.setOauth(OAuthTokens.EMPTY).setTokens(TemporaryAccessTokens.EMPTY);
-        new S3BucketListService(session).list(
-                new Path(String.valueOf(Path.DELIMITER), EnumSet.of(Path.Type.volume, Path.Type.directory)), new DisabledListProgressListener());
+        assertThrows(LoginFailureException.class, () -> session.login(new DisabledLoginCallback(), new DisabledCancelCallback()));
     }
 
     /**