unable to get role credentials / session token not found or invalid #1238

@synfinatic

Output of aws-sso version:

AWS SSO CLI Version 2.0.3 -- Copyright 2021-2025 Aaron Turner
Homebrew (2.0.3) built at 2025-05-29T15:07:31Z

Describe the bug:

Seems to work fine, but then after a few hours I'm not able to fetch new session tokens. Seems to be an issue querying AWS?

To Reproduce:

  1. aws-sso login
  2. aws-sso console/etc

Expected behavior:

Fetch the credentials and do the needful since my session is still valid.

$ aws-sso list
List of AWS roles for SSO Instance: Default [Expires in: 2h 40m]
<snip>

Screenshots:

DEBUG loading SSO retries=10 maxBackoff=5
DEBUG Will not override current AWS_DEFAULT_REGION region=us-east-1
DEBUG Getting role credentials arn=arn:aws:iam::224663188388:role/SSO-AdministratorAccessLab
DEBUG Fetching STS token from AWS SSO
DEBUG SSOConfig.GetRole() error="unable to find 224663188388:SSO-AdministratorAccessLab" config="&{settings:0x140003602c8 key:Default SSORegion:us-east-1 StartUrl:https://d-90676a1dc9.awsapps.com/start Accounts:map[117396793831:0x140003b1940 187640475002:0x140003b1840 224663188388:0x140003b1900 251417496173:0x140003b18c0 715704240340:0x140003b1880] DefaultRegion:us-east-1 AuthUrlAction:open MaxBackoff:5 MaxRetry:10}"
DEBUG Getting role directly accountID=224663188388 role=SSO-AdministratorAccessLab
FATAL Unable to get role credentials arn=arn:aws:iam::224663188388:role/SSO-AdministratorAccessLab error="operation error SSO: GetRoleCredentials, https response error StatusCode: 401, RequestID: a1cb614d-be3c-411d-9b7e-02aa345b5d29, UnauthorizedException: Session token not found or invalid"

Additional errors:

$ aws-sso cache
ERROR AccessToken Unauthorized Error; refreshing error="operation error SSO: ListAccounts, https response error StatusCode: 401, RequestID: 08d8c6ce-0584-4102-af2d-12cb934f19af, UnauthorizedException: Session token not found or invalid"

	Verify this code in your browser: DSHH-GPXT

Desktop (please complete the following information):

  • OS: [e.g. macOS]
  • Version [e.g. 10.15.5]

Additional context:
Add any other context about the problem here.

Contents of ~/.aws-sso/config.yaml:

File contents go here...

Labels: bug (Something isn't working)
