v0.24.0

This version adds support for clearing the Granted cache non-interactively, thanks to @jsproede in #643.

granted cache clear --storage session-credentials --profile [profile_name] 

skips the prompts and clears the cache entry immediately.

This version additionally fixes the fish shell completions thanks to @Hawkbawk in #645.

What's Changed

• support JIT role activation in assume --console commands by @meyerjrr in #644
• CLI flags to specify storage and profile to clear credential cache without prompt by @jsproede in #643
• Autoload fish completions and fix Makefile by @Hawkbawk in #645

New Contributors

• @jsproede made their first contribution in #643
• @Hawkbawk made their first contribution in #645

Full Changelog: v0.23.2...v0.24.0

v0.23.2

What's Changed

• Increase backoff for attempted assume by @meyerjrr in #640
• Bump golang.org/x/net from 0.20.0 to 0.23.0 by @dependabot in #641

Full Changelog: v0.23.1...v0.23.2

v0.23.1

What's Changed

• Ensure "firefoxstdout" doesn't get prefix-matched as "firefox" by @gautamg795 in #635
• Propagate prefixDuplicateProfiles option by @sosheskaz in #639
• Add apigateway to service map by @treuherz in #636

New Contributors

• @gautamg795 made their first contribution in #635
• @treuherz made their first contribution in #636

Full Changelog: v0.23.0...v0.23.1

v0.23.0

This release brings a few minor bug fixes and support for Just-In-Time (JIT) access using Common Fate. For more information on JIT access, check out the JIT recipe in our documentation. A big thankyou to @Nepoxx for making their first contribution in this release!

What's Changed

• Cleanup profile registry implementation + improve testability by @chrnorm in #622
• fix bug where every line is removed in config by @Nepoxx in #631
• Update just-in-time access integration by @chrnorm in #630
• cleanup the large banners and replace them with a single-line version by @chrnorm in #633
• add a check for empty access key ID when caching by @chrnorm in #632

New Contributors

• @Nepoxx made their first contribution in #631

Full Changelog: v0.22.0...v0.23.0

v0.22.0

IAM Federated logins now have attributable username in Cloudtrail

• The changes refactor the way federation token ID is used for AWS IAM credentials. Instead of relying on the userID which was previously parsed, the code now uses the userName which is more easily attributable to the IAM user name in the Cloudtrail events list view.

What's Changed

• fix runtime error when sso token expires by @shwethaumashanker in #627
• Bump google.golang.org/protobuf from 1.31.0 to 1.33.0 by @dependabot in #621
• feat: Use aws:username for IAM initiated federated console sessions. by @matthewhembree in #626

New Contributors

• @matthewhembree made their first contribution in #626

Full Changelog: v0.21.1...v0.22.0

v0.21.1

What's Changed

• Revert breaking change to 'granted login' with additional prompt for SSO scopes by @chrnorm in #618
• Add --so-scope in hint for granted sso login by @keymon in #619

New Contributors

• @keymon made their first contribution in #619

Full Changelog: v0.21.0...v0.21.1

v0.21.0

Added support for refreshable AWS SSO

You can now add granted_sso_registration_scopes = sso:account:access to your ~/.aws/config, which will cause Granted to respect the session duration in IAM Identity Center. This can be extended to prompt less frequently. Supplying thesso:account:access scope will cause IAM Identity Center to return a refreshable access token, with a total allowed session time in accordance with your configured AWS SSO session length.

What's Changed

• Adds event bridge service map by @CodyDunlap in #611
• Delete former credentials when rotating (granted credentials rotate) by @n3s7or in #582
• Bump github.com/dvsekhvalnov/jose2go from 1.5.0 to 1.6.0 by @dependabot in #586
• Add support for refreshable AWS SSO tokens by @chrnorm in #616

New Contributors

• @CodyDunlap made their first contribution in #611

Full Changelog: v0.20.7...v0.21.0

v0.20.7

Added better error handling for oauth2 invalid_grant error

we have added better error handling for the oauth2 invalid_grant error. Now, whenever this error is encountered, Granted automatically clears the cached token and sends a message like:

[i] It looks like the above error was caused by an invalid authentication token. We have cleared the token from your keychain. To re-run the command, you'll need to authenticate again by running: 'granted login https://d3h0e9z8klkkkk.cloudfront.net/'

What's Changed

• Improve oauth2 error handling for Glide authentication by @shwethaumashanker in #596
• Update service_map.go to add codeartifact, codesuite and codecommit by @wayne-folkes in #594

Full Changelog: v0.20.6...v0.20.7

v0.20.6

Fix for assume --exec with multiple arguments/spaces

The output from goassume when --exec is provided now returns the arguments with proper escaping/splitting to ensure they are evaluated when passed to sh -c in the assume script.

What's Changed

• Fix export lookup values when exporting credentials by @cedieio in #578
• fix: assume --exec with multiple arguments/spaces by @lyoung-confluent in #584
• Fix backwards invocation of io.Copy by @sosheskaz in #589
• Create ~/.aws/config if it does not exist by @sosheskaz in #590

Full Changelog: v0.20.5...v0.20.6

v0.20.5

What's Changed

• Fix SSO_START_URL lookup for credential exports by @cedieio in #572
• Revert "Ensure proper initialization of profiles with source_profile" by @JoshuaWilkes in #576

Full Changelog: v0.20.4...v0.20.5