[GH-ISSUE #1931] Add AWS SSO Authentifcation #970

New issue

Closed

opened 2026-03-04 01:50:19 +03:00 by kerem · 4 comments

kerem commented

2026-03-04 01:50:19 +03:00

Owner

Originally created by @VivienMoretto87 on GitHub (Apr 8, 2022).
Original GitHub issue: https://github.com/s3fs-fuse/s3fs-fuse/issues/1931

Hi,

I need to integrate the AWS SSO authentifcation in s3fs. I have just checked the opensource project aws-cli (SSOCredentialFetcher in credentials.py in the project https://github.com/aws/aws-cli/tree/v2/awscli ) and the s3fs seems not to be compatible with this kind of authentication.

I have modified the code :

get the cache json file with SSO credentials (it is the result sha1 of a json file { 'startUrl': self._start_url, 'roleName': self._role_name, 'accountId': self._account_id })
get credentials for the cache json file (parse the json with nlohmann library )

It seems to work.

Can you tell if it is possible to contribute the community by pushing my code and give some advises to have a clearer implementation ?

Regards,

Originally created by @VivienMoretto87 on GitHub (Apr 8, 2022). Original GitHub issue: https://github.com/s3fs-fuse/s3fs-fuse/issues/1931 Hi, I need to integrate the AWS SSO authentifcation in s3fs. I have just checked the opensource project aws-cli (SSOCredentialFetcher in credentials.py in the project https://github.com/aws/aws-cli/tree/v2/awscli ) and the s3fs seems not to be compatible with this kind of authentication. I have modified the code : - get the cache json file with SSO credentials (it is the result sha1 of a json file { 'startUrl': self._start_url, 'roleName': self._role_name, 'accountId': self._account_id }) - get credentials for the cache json file (parse the json with nlohmann library ) It seems to work. Can you tell if it is possible to contribute the community by pushing my code and give some advises to have a clearer implementation ? Regards,

kerem closed this issue

2026-03-04 01:50:19 +03:00

kerem commented

2026-03-04 01:50:20 +03:00

Author

Owner

@ggtakec commented on GitHub (Apr 10, 2022):

@VivienMoretto87 Thanks for your kindness.
s3fs-fuse doesn't currently support SSO authentication, so we'd appreciate it if you could make a PullRequest.
After that, @gaul and I will be able to review it.

As a solution to this problem, I am now submitting another PR (#1927).
This PR is the code to delegate the authentication process to an external DSO.
I think that combining this PR code with the DSO( https://github.com/ggtakec/s3fs-fuse-awscred-lib) should enable AWS SSO authentication.
This DSO just calls aws-sdk-cpp and it does the same authentication process as awscli and can get the tokens it needs.

If you are interested, I would be grateful if you could try # 1927 as well.

@ggtakec commented on GitHub (Apr 10, 2022): @VivienMoretto87 Thanks for your kindness. s3fs-fuse doesn't currently support SSO authentication, so we'd appreciate it if you could make a PullRequest. After that, @gaul and I will be able to review it. As a solution to this problem, I am now submitting another PR (#1927). This PR is the code to delegate the authentication process to an external DSO. I think that combining this PR code with the DSO( https://github.com/ggtakec/s3fs-fuse-awscred-lib) should enable AWS SSO authentication. This DSO just calls aws-sdk-cpp and it does the same authentication process as awscli and can get the tokens it needs. If you are interested, I would be grateful if you could try # 1927 as well.

kerem commented

2026-03-04 01:50:20 +03:00

Author

Owner

@VivienMoretto87 commented on GitHub (Apr 10, 2022):

Thank you for the answer, I will push my code. I tested it Friday and it seems to work (other authentication too).

Regards,
Vivien

@VivienMoretto87 commented on GitHub (Apr 10, 2022): Thank you for the answer, I will push my code. I tested it Friday and it seems to work (other authentication too). Regards, Vivien

kerem commented

2026-03-04 01:50:20 +03:00

Author

Owner

@Emru1 commented on GitHub (Sep 13, 2022):

Hey, can we expect this feature any time soon?
Looking forward to it

@Emru1 commented on GitHub (Sep 13, 2022): Hey, can we expect this feature any time soon? Looking forward to it

kerem commented

2026-03-04 01:50:20 +03:00

Author

Owner

@ggtakec commented on GitHub (Mar 19, 2023):

#1927 adds credlib and credlib_ops options.
Authentication not currently supported by s3fs can be supported by specifying a dedicated DSO for these options.
Please try to create your own DSO or use a trusted one.
I provide https://github.com/ggtakec/s3fs-fuse-awscred-lib which can cover all AWS authentication.

We will continue to add support for AWS and other cloud-based authentication, but for now please try to use the above DSO for AWS authentication which are not supported by s3fs.

@ggtakec commented on GitHub (Mar 19, 2023): #1927 adds `credlib` and `credlib_ops` options. Authentication not currently supported by s3fs can be supported by specifying a dedicated DSO for these options. Please try to create your own DSO or use a trusted one. I provide https://github.com/ggtakec/s3fs-fuse-awscred-lib which can cover all AWS authentication. We will continue to add support for AWS and other cloud-based authentication, but for now please try to use the above DSO for AWS authentication which are not supported by s3fs.

kerem referenced this issue

2026-03-04 02:01:54 +03:00

[PR #970] [MERGED] Remove from file from stat cache during rename #1735