Bug Description
The token health checker has two bugs that cause IDC tokens to be incorrectly marked as invalid:
Bug 1: Missing client_id and client_secret for IDC tokens
Location: kiro_gateway/health_checker.py - check_token method
Problem: When checking token validity, the health checker only passes refresh_token to KiroAuthManager, but IDC tokens require client_id and client_secret for token refresh.
Current code:
manager = KiroAuthManager(
    refresh_token=refresh_token,
    region=settings.region,
    profile_arn=settings.profile_arn
)
Fixed code:
creds = user_db.get_token_credentials(token_id)
manager = KiroAuthManager(
    refresh_token=creds["refresh_token"],
    region=settings.region,
    profile_arn=settings.profile_arn,
    client_id=creds.get("client_id"),
    client_secret=creds.get("client_secret"),
)
Bug 2: Health checker does not check invalid tokens or recover them
Location: kiro_gateway/health_checker.py - check_all_tokens method
Problem:
- The health checker only checks tokens with status "active" (get_all_active_tokens())
- Once a token is marked as "invalid", it is never checked again
- Even when a token recovers (becomes valid again), it is not automatically marked back to "active"
Current behavior:
- Only active tokens are checked
- Invalid tokens are never recovered
Expected behavior:
- Both active and invalid tokens should be checked periodically
- When an invalid token passes the health check, it should be automatically marked as "active"
Fix
I have submitted a fix that addresses both issues:
- In check_token method: Use user_db.get_token_credentials() to get full credentials including client_id and client_secret for IDC tokens.
- In check_all_tokens method: Check both active AND invalid tokens, and automatically restore valid tokens to "active" status.
Environment
- KiroGate version: Latest from main branch
- Docker container
- IDC authentication (AWS SSO OIDC)
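The two behaviours described in this issue, as an added sketch that is not KiroGate's code or the submitted fix: the check passes client_id and client_secret for IDC tokens, probes both "active" and "invalid" tokens, and restores a token that validates again. TokenRecord, FakeTokenEndpoint, the pass_client_creds switch and all sample values are assumptions constructed for illustration; the real refresh call is replaced by an in-memory stand-in.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class TokenRecord:                      # hypothetical row shape, not KiroGate's schema
    token_id: int
    refresh_token: str
    status: str = "active"              # "active" or "invalid"
    client_id: Optional[str] = None     # set only for IDC tokens
    client_secret: Optional[str] = None

class FakeTokenEndpoint:
    """Constructed stand-in for the refresh endpoint; makes no network calls."""
    def __init__(self, accepted):
        # refresh_token -> (client_id, client_secret) the endpoint requires, or None
        self.accepted = accepted

    def refresh(self, refresh_token, client_id=None, client_secret=None):
        if refresh_token not in self.accepted:
            return False                # revoked or unknown token
        required = self.accepted[refresh_token]
        return required is None or required == (client_id, client_secret)

def check_all_tokens(records, endpoint, pass_client_creds=True):
    """Probe active AND invalid tokens; return (token_id, old, new) transitions."""
    transitions = []
    for rec in records:
        if rec.status not in ("active", "invalid"):
            continue                    # any other state is left alone
        cid, secret = (rec.client_id, rec.client_secret) if pass_client_creds else (None, None)
        ok = endpoint.refresh(rec.refresh_token, cid, secret)
        new_status = "active" if ok else "invalid"
        if new_status != rec.status:
            # Record ids and states only; never put tokens or secrets in logs.
            transitions.append((rec.token_id, rec.status, new_status))
            rec.status = new_status
    return transitions

def sample_records():                   # constructed sample data
    return [
        TokenRecord(1, "rt-social"),
        TokenRecord(2, "rt-idc", "invalid", "cid-123", "sec-456"),
        TokenRecord(3, "rt-revoked"),
    ]

ENDPOINT = FakeTokenEndpoint({"rt-social": None, "rt-idc": ("cid-123", "sec-456")})

if __name__ == "__main__":
    print(check_all_tokens(sample_records(), ENDPOINT))
```

Setting pass_client_creds=False reproduces Bug 1 in this sketch: a healthy IDC token fails the probe and is marked "invalid".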