Kiro Setup Guide
Was this page helpful?
Loading OmniRoute...
each OIDC client registration supports only one active session at a time. When a second device or user authenticates using the same registered client, the backend invalidates the first account's refresh token.
on a machine where another Kiro account is already signed in β the new login revokes the first account's token.
(AWS SSO OIDC) during every Kiro connection import. This gives each OmniRoute connection its own dedicated OIDC client registration. Because each client registration is independent, refreshing or re-authenticating one account does not affect any other account's refresh token.
| Import Token (manual refresh token paste) | |
| Google / GitHub social login | |
| Auto-Import (kiro-cli SQLite) |
. These connections continue to work but use the shared social-auth refresh endpoint, which means two such connections can still invalidate each other.
To gain isolation: delete the old connection from Dashboard β Providers and re-import it using any of the supported import flows. All newly created connections will receive their own client registration automatically.
..
FEATURES.md and the routing documentation for combo configuration.
AWS Builder ID / IDC device-code flow from Dashboard β Providers β Kiro β Device Code. The device-code flow has always been fully isolated. No re-import is needed for these connections.
curl -X POST http://localhost:20128/api/oauth/kiro/import \
-H "Content-Type: application/json" \
-d '{"refreshToken": "aorAAAAAG...", "region": "eu-west-1"}'
field defaults to when omitted.
). OmniRoute stores this timestamp in
for observability. If a connection stops refreshing after ~90 days, re-import the
connection to obtain a fresh OIDC client registration. Automatic re-registration on
expiry is tracked as a future improvement.
in its raw JSON (visible via the info icon). If either connection is missing
, it was imported before v3.8.0 β re-import it.
TROUBLESHOOTING.md.