diff --git a/gems/aws-sdk-core/CHANGELOG.md b/gems/aws-sdk-core/CHANGELOG.md index a1259ea6a31..1b5999804e0 100644 --- a/gems/aws-sdk-core/CHANGELOG.md +++ b/gems/aws-sdk-core/CHANGELOG.md @@ -1,6 +1,7 @@ Unreleased Changes ------------------ * Feature - Add YJIT & ZJIT tracking to user agent. +* Issue - Fix error messaging in SSO OIDC. 3.246.0 (2026-04-23) ------------------ diff --git a/gems/aws-sdk-core/lib/aws-sdk-core/json/error_handler.rb b/gems/aws-sdk-core/lib/aws-sdk-core/json/error_handler.rb index 4385dba2a9d..39993663dc7 100644 --- a/gems/aws-sdk-core/lib/aws-sdk-core/json/error_handler.rb +++ b/gems/aws-sdk-core/lib/aws-sdk-core/json/error_handler.rb @@ -68,7 +68,8 @@ def error_message(code, json) if code == 'RequestEntityTooLarge' 'Request body must be less than 1 MB' else - json['message'] || json['Message'] || '' + # SSO OIDC returns error message in error_description, following OAuth 2.0 spec. + json['message'] || json['Message'] || json['error_description'] || '' end end diff --git a/gems/aws-sdk-core/spec/aws/json/error_handler_spec.rb b/gems/aws-sdk-core/spec/aws/json/error_handler_spec.rb index 1204333707f..df460b93003 100644 --- a/gems/aws-sdk-core/spec/aws/json/error_handler_spec.rb +++ b/gems/aws-sdk-core/spec/aws/json/error_handler_spec.rb @@ -38,6 +38,26 @@ module Json } JSON + let(:oauth2_error_resp) { <<~JSON.strip } + { + "__type":"Oauth2ErrorResponse", + "error_description":"foo" + } + JSON + + it 'extracts oauth2 error message from error_description' do + client.stub_responses( + :batch_get_item, + { status_code: 400, body: oauth2_error_resp, headers: {} } + ) + + expect { client.batch_get_item(request_items: {}) } + .to raise_error do |e| + expect(e.code).to eq('Oauth2ErrorResponse') + expect(e.message).to eq('foo') + end + end + it 'extracts error data' do client.stub_responses( :batch_get_item,