[PR #68] feat(auth): add KIRO_CLI_API_REGION env var for kiro-cli API region override #69

New issue

Open

opened 2026-02-27 07:17:49 +03:00 by kerem · 0 comments

kerem commented

2026-02-27 07:17:49 +03:00

Owner

📋 Pull Request Information

Original PR: https://github.com/jwadow/kiro-gateway/pull/68
Author: @Publicker
Created: 2/6/2026
Status: 🔄 Open

Base: main ← Head: feat/kiro-cli-api-region

📝 Commits (1)

776cfb3 feat(auth): add KIRO_CLI_API_REGION env var for kiro-cli API region override

📊 Changes

3 files changed (+25 additions, -0 deletions)

View changed files

📝 .env.example (+5 -0)
📝 kiro/auth.py (+14 -0)
📝 kiro/config.py (+6 -0)

📄 Description

Summary

Adds support for configuring a separate API region for kiro-cli (AWS SSO OIDC) authentication via the KIRO_CLI_API_REGION environment variable.

Problem

When using kiro-cli credentials (SQLite database), the SSO region (e.g., us-east-1) may differ from the API region where the Q service is hosted (e.g., eu-central-1). This can result in 403 "User is not authorized" errors.

Solution

Added KIRO_CLI_API_REGION environment variable to config.py
When set, overrides the API region for kiro-cli auth while preserving the SSO region for token refresh
By default (empty), uses KIRO_REGION for both SSO and API (no behavior change)

Usage

# Only needed if experiencing 403 errors with kiro-cli credentials
KIRO_CLI_API_REGION="eu-central-1"

Changes

kiro/config.py: Added KIRO_CLI_API_REGION config
kiro/auth.py: Updated _detect_auth_type() to apply region override when set
.env.example: Documented the new option

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/jwadow/kiro-gateway/pull/68 **Author:** [@Publicker](https://github.com/Publicker) **Created:** 2/6/2026 **Status:** 🔄 Open **Base:** `main` ← **Head:** `feat/kiro-cli-api-region` --- ### 📝 Commits (1) - [`776cfb3`](https://github.com/jwadow/kiro-gateway/commit/776cfb306e4e5758dfa3f1530dc39a9c98ccc4cc) feat(auth): add KIRO_CLI_API_REGION env var for kiro-cli API region override ### 📊 Changes **3 files changed** (+25 additions, -0 deletions) <details> <summary>View changed files</summary> 📝 `.env.example` (+5 -0) 📝 `kiro/auth.py` (+14 -0) 📝 `kiro/config.py` (+6 -0) </details> ### 📄 Description ## Summary Adds support for configuring a separate API region for kiro-cli (AWS SSO OIDC) authentication via the `KIRO_CLI_API_REGION` environment variable. ## Problem When using kiro-cli credentials (SQLite database), the SSO region (e.g., `us-east-1`) may differ from the API region where the Q service is hosted (e.g., `eu-central-1`). This can result in 403 "User is not authorized" errors. ## Solution - Added `KIRO_CLI_API_REGION` environment variable to `config.py` - When set, overrides the API region for kiro-cli auth while preserving the SSO region for token refresh - By default (empty), uses `KIRO_REGION` for both SSO and API (no behavior change) ## Usage ```bash # Only needed if experiencing 403 errors with kiro-cli credentials KIRO_CLI_API_REGION="eu-central-1" ``` ## Changes - `kiro/config.py`: Added `KIRO_CLI_API_REGION` config - `kiro/auth.py`: Updated `_detect_auth_type()` to apply region override when set - `.env.example`: Documented the new option --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>