[FEATURE] Interactive awsAuthRefresh

Resolved 💬 5 comments Opened Nov 8, 2025 by FutureGadget Closed Jan 15, 2026

Preflight Checklist

  • [x] I have searched existing requests and this feature hasn't been requested yet
  • [x] This is a single feature request (not multiple features)

Problem Statement

In enterprise environments, device code-based web login for AWS authentication is often blocked by corporate security policies. Tools like gimme-aws-creds can fallback to interactive authentication methods (password + MFA via mobile push, SMS, etc.) when device code auth is unavailable.
Currently, when AWS credentials expire during a Claude Code session, users must:

  1. Press Ctrl+C twice to quit Claude Code
  2. Run authentication tool separately (e.g., gimme-aws-creds) to refresh credentials
  3. Restart Claude Code
  4. Use /resume to continue their work

This workflow disrupts developer productivity and creates unnecessary friction for enterprise developers using AWS Bedrock.

Proposed Solution

Add support for interactive AWS credential refresh within Claude Code, similar to how tools like gimme-aws-creds handle authentication fallbacks.
Desired Behavior
When AWS credentials expire or are invalid:

  1. Claude Code detects the authentication error
  2. Prompts the user: “AWS credentials have expired. Would you like to refresh them now? (y/n)”
  3. If yes, launches the configured authentication flow interactively
  4. Allows user to complete authentication (password entry, MFA approval, etc.)
  5. Automatically resumes the previous task once credentials are refreshed

Alternative Solutions

_No response_

Priority

Medium - Would be very helpful

Feature Category

Configuration and settings

Use Case Example

  • Enterprise developers using AWS Bedrock with SSO/SAML authentication
  • Teams with MFA requirements (Duo push, Okta, etc.)
  • Organizations that disable device code authentication flows
  • Developers working on long-running tasks that span credential expiration windows

Additional Context

Common enterprise authentication tools that require interactive flows:

  • gimme-aws-creds
  • saml2aws

This feature would make Claude Code more viable for enterprise adoption where security policies restrict certain authentication methods.

View original on GitHub ↗

This issue has 5 comments on GitHub. Read the full discussion on GitHub ↗