DEV Community

Cover image for Error when retrieving token from sso Token has expired and refresh failed
Joao Marques
Joao Marques

Posted on

Error when retrieving token from sso Token has expired and refresh failed

#aws #sso

Working with AWS services often involves authentication using AWS Single Sign-On (SSO). While AWS CLI simplifies this process, you may occasionally encounter the following error:

Error when retrieving token from sso: Token has expired and refresh failed
Enter fullscreen mode Exit fullscreen mode

This error indicates that your SSO session token has expired, and AWS CLI couldn't refresh it automatically. Let's explore why this happens and how you can resolve it.

Why Does This Error Occur?

AWS SSO tokens are temporary credentials that expire after a set period, usually defined by your organization's policies. When the token expires, AWS CLI attempts to refresh it. However, if the refresh attempt fails—perhaps due to a network issue, an expired session, or corrupted cached credentials—you'll see this error.

How to Fix It

1 - Re-authenticate with AWS SSO.

The quickest way to resolve this error is to re-authenticate your AWS SSO session. Use the following command:

aws sso login
Enter fullscreen mode Exit fullscreen mode

This command will open your default browser, prompting you to log in and refresh your session token.

2 - Retry Your Original Command

After re-authenticating, retry the command that triggered the error.

3 - Clear Cached Tokens

If re-authentication doesn’t work, your cached SSO tokens might be corrupted. Clear them manually:

delete the folder: ~/.aws/sso/cache/

or execute this if you are lazy:

rm -rf ~/.aws/sso/cache/
Enter fullscreen mode Exit fullscreen mode

4 - Check AWS CLI Version

Older versions of AWS CLI might have issues with SSO token management. Check your AWS CLI version with this command:

aws --version
Enter fullscreen mode Exit fullscreen mode

and analyse if you can update it for the latest.

My view

Running into the "Token has expired and refresh failed" error can be frustrating, especially when you're in the middle of an important task. Luckily, the fix is usually straightforward: re-authenticate your session or clear the cache. Taking a few extra steps, like keeping your AWS CLI updated or automating token management, can help you avoid these interruptions in the future.

Remember, AWS is designed to make things easier, not harder! If you run into this error, don’t panic. Follow the steps outlined here, and you’ll be back on track in no time.

Top comments (2)

Collapse
 
jangelodev profile image
João Angelo

Hi Joao Marques,
Top 5, very nice and helpful !
Thanks for sharing.

Collapse
 
joaomarques profile image
Joao Marques

Thank you so much joao!

Read next

nivekalara237 profile image

How to combine SQS and SNS to implement multiple Consumers (Part 2)

Kevin Lactio Kemta -

karthiksakthiveltechie profile image

AWS Network Load Balancer, cross-zone enabled now supports zonal shift and zonal auto-shift

Karthik Sakthivel -

wallacefreitas profile image

Techniques to Save Costs Using AWS Lambda Functions with CDK

Wallace Freitas -

rodrigofrs13 profile image

Creating a simple and fast EKS Cluster

Rodrigo Fernandes -