npm - @vizamodo/aws-sts-core - Versions diffs - 0.3.25 → 0.3.27 - Mend

@vizamodo/aws-sts-core 0.3.25 → 0.3.27

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/federation/login.js +20 -4
package/package.json +1 -1

package/dist/federation/login.js CHANGED Viewed

@@ -15,15 +15,31 @@ export async function buildFederationLoginUrl(input) {
     const encoded = encodeURIComponent(sessionJson);
     const SigninToken = await getCachedOrFetch(cacheKey, async () => {
         const tokenResp = await fetch(`https://signin.aws.amazon.com/federation?Action=getSigninToken&Session=${encoded}`);
+        if (!tokenResp.ok) {
+            // best-effort: skip cache, let caller retry upstream if needed
+            return "";
+        }
         const json = await tokenResp.json();
-        const token = json.SigninToken;
-        if (!token)
-            throw new Error("federation_failed");
+        const token = json?.SigninToken;
+        if (!token) {
+            // best-effort: skip cache
+            return "";
+        }
         // SigninToken TTL ~15 minutes (AWS behavior)
         const SIGNIN_TOKEN_TTL_SEC = 15 * 60;
-        return wrapResult(token, new Date(Date.now() + SIGNIN_TOKEN_TTL_SEC * 1000).toISOString());
+        // derive effective TTL = min(tokenTTL, credentialTTL)
+        const credRemainingSec = Math.floor((Date.parse(input.expiration) - Date.now()) / 1000);
+        const effectiveTtlSec = Math.min(SIGNIN_TOKEN_TTL_SEC, credRemainingSec);
+        // if credential too close to expiry → skip caching
+        if (effectiveTtlSec <= 0) {
+            return token;
+        }
+        return wrapResult(token, new Date(Date.now() + effectiveTtlSec * 1000).toISOString());
     }, { ttlSec: 60 } // fallback only if expiration invalid
     );
+    if (!SigninToken) {
+        throw new Error("[federation] unable to obtain SigninToken");
+    }
     const baseLogin = `https://signin.aws.amazon.com/federation?Action=login` +
         `&Issuer=viza` +
         `&SigninToken=${SigninToken}`;

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@vizamodo/aws-sts-core",
-  "version": "0.3.25",
+  "version": "0.3.27",
   "description": "Pure AWS STS + SigV4 (X509 Roles Anywhere) core logic",
   "type": "module",
   "main": "dist/index.js",