fix: UTF-8 encoding for MCP config files (#10452) and --redirect-port for sso login (#10433)#10456
Open
Hardikrepo wants to merge 1 commit into
Open
fix: UTF-8 encoding for MCP config files (#10452) and --redirect-port for sso login (#10433)#10456Hardikrepo wants to merge 1 commit into
Hardikrepo wants to merge 1 commit into
Conversation
…redirect-port to sso login for SSH tunnel support (aws#10433) - agents.py: open MCP config files with encoding='utf-8' in both _read_mcp_config and _write_mcp_config to prevent UnicodeDecodeError on non-English Windows environments (e.g. Japanese CP932) when the config contains UTF-8 multibyte characters such as em-dash (U+2014) - utils.py: add redirect-port to LOGIN_ARGS; add port param to AuthCodeFetcher.__init__() and redirect_port param to do_sso_login() - login.py: resolve redirect_port from --redirect-port arg first, then fall back to sso_redirect_port config key, then random port - tests: regression tests for both fixes
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fix #10452 — MCP config files fail to read/write on non-English Windows (CP932 encoding)
Root cause:
DetectedAgent._read_mcp_config()and_write_mcp_config()inawscli/customizations/agenttoolkit/agents.pycalledopen()without specifyingan encoding. On non-English Windows (e.g. Japanese), Python defaults to the system
locale codec (CP932), which cannot decode UTF-8 multibyte characters such as the
em-dash (U+2014,
0xE2 0x80 0x94in UTF-8) commonly found in MCP config fileslike
~/.claude.json. This caused aUnicodeDecodeErrorand aborted theaws configure agent-toolkitflow.Fix: Explicitly pass
encoding='utf-8'to bothopen()calls so MCP configfiles are always read and written as UTF-8 regardless of the system locale.
Fix #10433 — Allow custom localhost port for PKCE redirect URI in
aws sso loginRoot cause: The PKCE callback server (
AuthCodeFetcher) always bound to arandomly assigned OS port (
HTTPServer(('', 0), ...)). Users on remote machinesaccessed over SSH cannot pre-configure port forwarding without knowing the port
in advance, forcing them to fall back to the less ergonomic
--use-device-codeflow.Fix:
--redirect-port <int>CLI argument toaws sso loginsso_redirect_portconfig key support in~/.aws/configunder[sso-session]AuthCodeFetcher.__init__()now accepts an optionalportparameter (default0preserves existing random-port behaviour)--redirect-portarg →sso_redirect_portconfig key → random portExample usage:
Or via
~/.aws/config:Files Changed
awscli/customizations/agenttoolkit/agents.pyencoding='utf-8'to bothopen()callsawscli/customizations/sso/utils.pyredirect-porttoLOGIN_ARGS; addportparam toAuthCodeFetcher; addredirect_portparam todo_sso_login()awscli/customizations/sso/login.pydo_sso_login()tests/unit/customizations/agenttoolkit/test_agents.pytests/unit/customizations/sso/test_utils.pydo_sso_login()Test plan
aws configure agent-toolkitcompletes without error on Japanese Windows when~/.claude.jsoncontains an em-dashaws sso login --redirect-port 34535binds callback server to port 34535aws sso loginwithout--redirect-portcontinues to use a random port (no regression)sso_redirect_port = 34535in~/.aws/configis honoured when--redirect-portis not specified