Skip to content

feat: 分离 SSO 认证区域与 Q API 区域配置#121

Open
d0zingcat wants to merge 4 commits intojwadow:mainfrom
d0zingcat:fix/sso_region_request_fail
Open

feat: 分离 SSO 认证区域与 Q API 区域配置#121
d0zingcat wants to merge 4 commits intojwadow:mainfrom
d0zingcat:fix/sso_region_request_fail

Conversation

@d0zingcat
Copy link
Copy Markdown

@d0zingcat d0zingcat commented Apr 1, 2026

摘要

  • 新增 KIRO_API_REGION 环境变量,独立控制 Q Developer API 端点区域
  • KIRO_REGION 继续用于 SSO/OIDC token 刷新端点,KIRO_API_REGION 用于 Q API 端点
  • 解决 q.amazonaws.com 仅在特定区域存在,SSO 区域不同时导致 DNS 失败的问题

测试计划

  • 验证 KIRO_REGION=us-east-2 + KIRO_API_REGION=us-east-1 时 Q API 请求正常
  • 验证未设置 KIRO_API_REGION 时默认使用 us-east-1(向后兼容)
  • 运行单元测试 tests/unit/test_auth_manager.py 中新增的 TestKiroAuthManagerApiRegionSeparation 测试类

🤖 Generated with Claude Code

Copilot AI and others added 3 commits April 1, 2026 01:13
Initial plan
61f9109
@d0zingcat
fix: prevent credentials file region from overriding Kiro API host
cf683de 
When users log into Kiro via an organization and enter a region like
us-east-2, the credentials file stores that region. Previously,
_load_credentials_from_file would use it to override _api_host and
_q_host, directing all API calls to https://q.us-east-2.amazonaws.com
which does not exist.

Fix: mirror the SQLite path behaviour — store the credentials region
as _sso_region (used only for the auth/refresh URL) and leave
_api_host/_q_host controlled exclusively by KIRO_REGION env var
(default us-east-1).

Agent-Logs-Url: https://github.com/d0zingcat/kiro-gateway/sessions/c2767caa-9730-4857-9f8a-8e5d0bf74d47

Co-authored-by: d0zingcat <8235790+d0zingcat@users.noreply.github.com>
@d0zingcat
Merge pull request #1 from d0zingcat/copilot/fix-region-env-issue
3d990da 
fix: credentials file region must not override Kiro API host
@cla-bot
Copy link
Copy Markdown

cla-bot bot commented Apr 1, 2026

Thanks for the PR! 🎉

Before merge, we need a one-time CLA confirmation.
It confirms that you have the right to contribute this code and allow the project to use it.

Full CLA text:
https://github.com/jwadow/kiro-gateway/blob/main/CLA.md

Please reply once with:

I have read the CLA and I accept its terms

You need to write once, all further messages from me can be ignored.

@d0zingcat
feat: 分离 SSO 认证区域与 Q API 区域配置
56c6729 
新增 KIRO_API_REGION 环境变量,允许独立配置 Q Developer API 端点区域。
解决 q.amazonaws.com 仅在特定区域存在,而 SSO 区域可能不同导致的 DNS 失败问题。
@d0zingcat d0zingcat force-pushed the fix/sso_region_request_fail branch from 54d0345 to 56c6729 Compare April 1, 2026 10:43
@cla-bot
Copy link
Copy Markdown

cla-bot bot commented Apr 1, 2026

Thanks for the PR! 🎉

Before merge, we need a one-time CLA confirmation.
It confirms that you have the right to contribute this code and allow the project to use it.

Full CLA text:
https://github.com/jwadow/kiro-gateway/blob/main/CLA.md

Please reply once with:

I have read the CLA and I accept its terms

You need to write once, all further messages from me can be ignored.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@d0zingcat