We announced the upcoming end-of-support for AWS SDK for JavaScript v2.
We recommend that you migrate to AWS SDK for JavaScript v3. For dates, additional details, and information on how to migrate, please refer to the linked announcement.

Class: AWS.SSOTokenProvider

AWS.Token show all
Defined in:



This feature is not supported in the browser environment of the SDK.

Represents token loaded from disk derived from the AWS SSO device grant authorication flow.

Using SSO Token Provider

This provider is checked by default in the Node.js environment in TokenProviderChain. To use the SSO Token Provider, simply add your SSO Start URL and Region to the ~/.aws/config file in the following format:

sso_start_url = https://d-abc123.awsapps.com/start
sso_region = us-east-1

Using custom profiles

The SDK supports loading token for separate profiles. This can be done in two ways:

  1. Set the AWS_PROFILE environment variable in your process prior to loading the SDK.
  2. Directly load the AWS.SSOTokenProvider:
var ssoTokenProvider = new AWS.SSOTokenProvider({profile: 'myprofile'});

Constructor Summary collapse

Property Summary collapse

Properties inherited from AWS.Token

token, expireTime, expired

Method Summary collapse

Methods inherited from AWS.Token

needsRefresh, get, getPromise, refreshPromise

Constructor Details

new AWS.SSOTokenProvider(options) ⇒ void

Creates a new token object from cached access token.


  • options (map)

    a set of options

Options Hash (options):

  • profile (String) — default: AWS_PROFILE env var or 'default'

    the name of the profile to load.

  • callback (Function) — default: err

    Token is eagerly loaded by the constructor. When the callback is called with no error, the token has been loaded successfully.

Property Details

expiryWindowObject (static, readwrite)

Expiry window of five minutes.

Default Value:

AWS.SSOTokenProvider.expiryWindow = 5 * 60

Method Details

refresh(callback) ⇒ void

Loads the cached access token from disk.

Callback (callback):

  • function(err) { ... }

    Called after the AWS SSO process has been executed. When this callback is called with no error, it means that the token information has been loaded into the object (as the token property).


    • err (Error)

      if an error occurred, this value will be filled.

See Also:

  • AWS.SSOTokenProvider.get