hub / github.com/codeaashu/claude-code / runAwsAuthRefresh

Function runAwsAuthRefresh

src/utils/auth.ts:612–644  ·  view source on GitHub ↗

Run awsAuthRefresh to perform interactive authentication (e.g., aws sso login). Streams output in real-time for user visibility.

()

Source from the content-addressed store, hash-verified

/**
 * Run awsAuthRefresh to perform interactive authentication (e.g., aws sso login).
 * Streams output in real-time for user visibility (the streaming itself is not
 * visible in this function — presumably done inside refreshAwsAuth; confirm there).
 *
 * The configured command is only handed to refreshAwsAuth when all of the
 * following hold:
 *   1. a command is configured at all;
 *   2. if the command comes from project settings, workspace trust has been
 *      accepted, or the session is non-interactive;
 *   3. the STS caller-identity check throws.
 *
 * @returns `false` when nothing is configured, when the trust gate blocks the
 *   command, or when the caller-identity check succeeds; otherwise whatever
 *   refreshAwsAuth resolves to (presumably `true` on a successful refresh —
 *   confirm against refreshAwsAuth).
 */
async function runAwsAuthRefresh(): Promise<boolean> {
  const refreshCommand = getConfiguredAwsAuthRefresh()
  if (!refreshCommand) {
    // Not configured: there is nothing to run, and this is treated as success.
    return false
  }

  // SECURITY: a command sourced from project settings must not run until the
  // user has accepted the trust dialog for this project. The checks
  // short-circuit in this order: source, then trust, then session mode.
  // NOTE(review): a non-interactive session passes this gate even without an
  // accepted trust dialog, so a project-settings command can still reach
  // refreshAwsAuth there — confirm that trust is established some other way
  // for non-interactive runs.
  const blockedByMissingTrust =
    isAwsAuthRefreshFromProjectSettings() &&
    !checkHasTrustDialogAccepted() &&
    !getIsNonInteractiveSession()

  if (blockedByMissingTrust) {
    // The message says "executed", but this path returns before the command
    // is run; the error is only logged, never thrown.
    const trustError = new Error(
      `Security: awsAuthRefresh executed before workspace trust is confirmed. If you see this message, post in ${MACRO.FEEDBACK_CHANNEL}.`,
    )
    logAntError('awsAuthRefresh invoked before trust check', trustError)
    logEvent('tengu_awsAuthRefresh_missing_trust', {})
    return false
  }

  let credentialsStillValid = false
  try {
    logForDebugging('Fetching AWS caller identity for AWS auth refresh command')
    await checkStsCallerIdentity()
    logForDebugging(
      'Fetched AWS caller identity, skipping AWS auth refresh command',
    )
    credentialsStillValid = true
  } catch {
    // Only actually do the refresh if the caller-identity call fails.
    // The catch is untyped, so any exception raised in the try block — not
    // just an expired-credential error — leaves the flag false and leads to
    // the refresh command being run.
  }

  if (credentialsStillValid) {
    return false
  }
  return refreshAwsAuth(refreshCommand)
}
645
646// Timeout for AWS auth refresh command (3 minutes).
647// Long enough for browser-based SSO flows, short enough to prevent indefinite hangs.

Callers 1

auth.tsFile · 0.85

Calls 9

logAntErrorFunction · 0.85
logEventFunction · 0.85
logForDebuggingFunction · 0.85
checkStsCallerIdentityFunction · 0.85
refreshAwsAuthFunction · 0.85

Tested by

no test coverage detected