You are viewing the documentation for an older major version of the AWS SDK for JavaScript.
The modular AWS SDK for JavaScript (v3), the latest major version of AWS SDK for JavaScript, is now stable and recommended for general use. For more information, see the Migration Guide and API Reference.

Class: AWS.SsoCredentials

AWS.Credentials show all
Defined in:



This feature is not supported in the browser environment of the SDK.

Represents credentials from sso.getRoleCredentials API for sso_* values defined in shared credentials file.

Using SSO credentials

The credentials file must specify the information below to use sso:

sso_account_id = 012345678901
sso_region = us-east-1
sso_role_name = SampleRole
sso_start_url =

This information will be automatically added to your shared credentials file by running aws configure sso.

Using custom profiles

The SDK supports loading credentials for separate profiles. This can be done in two ways:

  1. Set the AWS_PROFILE environment variable in your process prior to loading the SDK.
  2. Directly load the AWS.SsoCredentials provider:
var creds = new AWS.SsoCredentials({profile: 'myprofile'});
AWS.config.credentials = creds;

Constructor Summary collapse

Property Summary

Properties inherited from AWS.Credentials

expired, expireTime, accessKeyId, secretAccessKey, sessionToken, expiryWindow

Method Summary collapse

Methods inherited from AWS.Credentials

needsRefresh, get, getPromise, refreshPromise

Constructor Details

new AWS.SsoCredentials(options) ⇒ void

Creates a new SsoCredentials object.


  • options (map)

    a set of options

Options Hash (options):

  • profile (String) — default: AWS_PROFILE env var or 'default'

    the name of the profile to load.

  • filename (String) — default: '~/.aws/credentials' or defined by AWS_SHARED_CREDENTIALS_FILE process env var

    the filename to use when loading credentials.

  • callback (Function) — default: err

    Credentials are eagerly loaded by the constructor. When the callback is called with no error, the credentials have been loaded successfully.

Method Details

refresh(callback) ⇒ void

Loads the credentials from the AWS SSO process

Callback (callback):

  • function(err) { ... }

    Called after the AWS SSO process has been executed. When this callback is called with no error, it means that the credentials information has been loaded into the object (as the accessKeyId, secretAccessKey, and sessionToken properties).


    • err (Error)

      if an error occurred, this value will be filled

See Also:

  • AWS.SsoCredentials.get