[PR #17] [CLOSED] fix(auth): reload SQLite credentials before token refresh #56

Closed
opened 2026-02-27 07:17:45 +03:00 by kerem · 0 comments
📋 Pull Request Information

Original PR: https://github.com/jwadow/kiro-gateway/pull/17
Author: @bhaskoro-muthohar
Created: 1/7/2026
Status: Closed

Base: main ← Head: fix/reload-sqlite-credentials-on-refresh


📝 Commits (2)

  • 345a585 fix(auth): reload SQLite credentials before token refresh
  • eaa07e8 fix(auth): use JSON body with camelCase for AWS SSO OIDC refresh

📊 Changes

2 files changed (+34 additions, -36 deletions)

📝 kiro_gateway/auth.py (+11 -13)
📝 tests/unit/test_auth_manager.py (+23 -23)

📄 Description

Problem

When using AWS SSO OIDC with kiro-cli, the gateway caches credentials at startup. If the user re-logs in via kiro-cli (e.g., after SSO token expiration), the new refresh_token is written to SQLite but the gateway keeps using the stale cached token, causing authentication failures.

This requires manually restarting the gateway after every kiro-cli re-login, which is inconvenient.

Solution

Re-read credentials from SQLite before attempting a token refresh in _refresh_token_aws_sso_oidc(). This ensures the gateway picks up fresh tokens after kiro-cli re-login without requiring a restart.

Changes

  • Added 3 lines to _refresh_token_aws_sso_oidc() to reload credentials from SQLite before refresh

Testing

  • All 59 existing auth manager tests pass
  • Manually verified SQLite reading works correctly

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.
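
The stale-cache failure and the reload-before-refresh fix described above, as an added example that is not code from kiro-gateway or from this PR. The `auth_kv` table, `FakeIdP`, `AuthManager` and the token strings are assumptions constructed for illustration.

```python
import sqlite3

def make_store():
    """Constructed credential store; table and column names are assumptions."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE auth_kv (key TEXT PRIMARY KEY, value TEXT)")
    return db

def cli_login(db, refresh_token):
    """Stands in for a CLI re-login that writes a new refresh token to SQLite."""
    db.execute("INSERT OR REPLACE INTO auth_kv VALUES ('refresh_token', ?)",
               (refresh_token,))
    db.commit()

class FakeIdP:
    """Hypothetical token endpoint: only the most recent refresh token is valid."""
    def __init__(self):
        self.valid = None
    def refresh(self, refresh_token):
        if refresh_token != self.valid:
            raise PermissionError("invalid_grant")
        return "access-for-" + refresh_token

class AuthManager:
    def __init__(self, db, idp, reload_before_refresh):
        self.db, self.idp = db, idp
        self.reload_before_refresh = reload_before_refresh
        self.refresh_token = self._load()  # cached once at startup
    def _load(self):
        row = self.db.execute(
            "SELECT value FROM auth_kv WHERE key = 'refresh_token'").fetchone()
        return row[0] if row else None
    def refresh(self):
        if self.reload_before_refresh:
            fresh = self._load()
            if fresh:  # keep the cached value if the store has no token
                self.refresh_token = fresh
        return self.idp.refresh(self.refresh_token)

def demo():
    db, idp = make_store(), FakeIdP()
    cli_login(db, "rt-old"); idp.valid = "rt-old"
    stale = AuthManager(db, idp, reload_before_refresh=False)
    fixed = AuthManager(db, idp, reload_before_refresh=True)
    cli_login(db, "rt-new"); idp.valid = "rt-new"  # re-login after expiry
    try:
        stale_result = stale.refresh()
    except PermissionError as exc:
        stale_result = str(exc)
    return stale_result, fixed.refresh()
```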
