You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
fix: skip plaintext cache tokens with non-SSO scopes
GetValidSSOTokenFromPlaintextCache matched tokens by startUrl only,
causing it to pick up IDE extension tokens (e.g. codewhisperer:* scopes)
that lack sso:account:access. This resulted in a 401 UnauthorizedException
with no fallback to the browser login flow.
Add scope filtering to skip tokens that contain only non-SSO scopes.
Fixes#940
0 commit comments