Credentials: handling of nullable fields

cadivus · cadivus · commit 9b582ebbbf6b · 2026-03-03T16:57:20.000+01:00
diff --git a/packages/amplify_foundation/amplify_foundation_dart_bridge/lib/src/v2_credentials_provider_bridge.dart b/packages/amplify_foundation/amplify_foundation_dart_bridge/lib/src/v2_credentials_provider_bridge.dart
@@ -30,12 +30,28 @@ class V2CredentialsProviderBridge implements v3.AWSCredentialsProvider {
   @override
   Future<v3.AWSCredentials> resolve() async {
     final creds = await _v2Provider.retrieve();
-    if (creds.sessionToken != null) {
+    final sessionToken = creds.sessionToken;
+    final expiration = creds.expiration;
+
+    if (sessionToken != null && expiration == null) {
+      throw StateError(
+        'Credentials with a session token must include an expiration, '
+        'but expiration was null.',
+      );
+    }
+    if (sessionToken == null && expiration != null) {
+      throw StateError(
+        'Credentials with an expiration must include a session token, '
+        'but session token was null.',
+      );
+    }
+
+    if (sessionToken != null && expiration != null) {
       return v3.TemporaryCredentials(
         creds.accessKeyId,
         creds.secretAccessKey,
-        creds.sessionToken!,
-        creds.expiration ?? DateTime.now().add(const Duration(hours: 1)),
+        sessionToken,
+        expiration,
       );
     }
     return v3.StaticCredentials(creds.accessKeyId, creds.secretAccessKey);
diff --git a/packages/amplify_foundation/amplify_foundation_dart_bridge/test/v2_credentials_provider_bridge_test.dart b/packages/amplify_foundation/amplify_foundation_dart_bridge/test/v2_credentials_provider_bridge_test.dart
@@ -41,21 +41,35 @@ void main() {
       expect(temp.expiration, equals(expiration));
     });
 
-    test('defaults expiration to 1 hour when not provided', () async {
-      const v2Creds = v2.AWSCredentials(
-        'accessKey',
-        'secretKey',
-        'sessionToken',
-      );
-      const v2Provider = v2.AWSCredentialsProvider(v2Creds);
-      const bridge = V2CredentialsProviderBridge(v2Provider);
+    test(
+      'throws when session token is present but expiration is null',
+      () async {
+        const v2Creds = v2.AWSCredentials(
+          'accessKey',
+          'secretKey',
+          'sessionToken',
+        );
+        const v2Provider = v2.AWSCredentialsProvider(v2Creds);
+        const bridge = V2CredentialsProviderBridge(v2Provider);
 
-      final before = DateTime.now().add(const Duration(minutes: 59));
-      final v3Creds = await bridge.resolve() as v3.TemporaryCredentials;
-      final after = DateTime.now().add(const Duration(hours: 1, minutes: 1));
+        expect(bridge.resolve(), throwsStateError);
+      },
+    );
 
-      expect(v3Creds.expiration.isAfter(before), isTrue);
-      expect(v3Creds.expiration.isBefore(after), isTrue);
-    });
+    test(
+      'throws when expiration is present but session token is null',
+      () async {
+        final v2Creds = v2.AWSCredentials(
+          'accessKey',
+          'secretKey',
+          null,
+          DateTime.now().add(const Duration(hours: 1)),
+        );
+        final v2Provider = v2.AWSCredentialsProvider(v2Creds);
+        final bridge = V2CredentialsProviderBridge(v2Provider);
+
+        expect(bridge.resolve(), throwsStateError);
+      },
+    );
   });
 }
