Clients don't use credentials returned from custom credentials providers when configured through extensions

[arnellebalane]

Checkboxes for prior research

• I've gone through Developer Guide and API reference
• I've checked AWS Forums and StackOverflow.
• I've searched for previous similar issues and didn't find any solution.

Describe the bug

When using an SDK extension to configure a credentials provider for a client, the client calls the credentials provider but does not use the credentials that it returns. Instead it uses the default credentials from the environment where it's running from.

Regression Issue

• Select this option if this issue appears to be a regression.

SDK version number

@aws-sdk/[email protected]

Which JavaScript Runtime is this issue in?

Node.js

Details of the browser/Node.js/ReactNative version

v18.20.5

Reproduction Steps

First, you'll need to have default credentials for an account configured in your environment, let's call this AccountOne.
You'll also need temporary credentials from another account that we'll call AccountTwo.

import { STS } from '@aws-sdk/client-sts';
import { AwsCredentialIdentityProvider } from '@smithy/types';

const fromStaticCredentialProvider = async () => ({
    // TODO: Use temporary credentials from AccountTwo
    accessKeyId: 'accessKeyId',
    secretAccessKey: 'secretAccessKey',
    sessionToken: 'sessionToken',
});

interface ExtensionConfiguration {
    setCredentials(credentials: AwsCredentialIdentityProvider): void;
}

class StaticCredentialsExtension {
    static create(): StaticCredentialsExtension {
        return new StaticCredentialsExtension();
    }

    configure(extensionConfiguration: ExtensionConfiguration): void {
        extensionConfiguration.setCredentials(fromStaticCredentialProvider);
    }
}

// Returns AccountTwo identity which is expected
new STS({
    credentials: fromStaticCredentialProvider,
})
    .getCallerIdentity()
    .then((callerIdentity) => console.log('credentials', callerIdentity));

// Returns AccountOne identity which is incorrect
new STS({
    extensions: [StaticCredentialsExtension.create()],
})
    .getCallerIdentity()
    .then((callerIdentity) => console.log('extensions', callerIdentity));

Observed Behavior

When a client is configured with a credentials provider through the credentials parameter, it uses the credentials returned by that credentials provider when making API calls.

However if the credential provider is configured through an SDK extension in the extensions parameter, the client still calls the credentials provider function but does not use the credentials it returns when making API calls.

Expected Behavior

Configuring credentials through extensions should behave the same way as credentials parameter and should use the credentials returned from the credentials provider function.

Possible Solution

No response

Additional Information/Context

No response

[kuhe]

A fix was released in https://github.com/aws/aws-sdk-js-v3/releases/tag/v3.775.0.

[github-actions]

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs and link to relevant comments in this thread.